Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 14th, 2012, 11:54 pm

Have an Acer Iconia W-500 (Windows Tablet with AMD C-60 processor) running Windows 7. Have McAfee Anti-Virus installed and have been running with no issues for several months. In the last 3 weeks have gotten notices that McAfee Firewall is turned off. When I try to turn it back on, it immediately turns back off. Internet Explorer has been a bit slow during the same period.

Have run a full virus scan with McAfee and AVG (free) and no viruses or spyware detected. The McAfee site suggested running Stinger. I did and it also didn't find any problems. Tried running Malwarebytes Anti-Malware but it gets 30 minutes into the scan and then I get either the Windows Blue Screen or a reboot.

I'm out of ideas and greatly appreciate your help!
DDS and Attach logs pasted below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Matt at 21:21:48 on 2012-12-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1642.655 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Acer\Device Control\ADevCtrl.exe
C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\HIDMon\HIDMON.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Acer\Device Control\AdWmiSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\Acer Ring.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Matt\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/#
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20121212225453.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE4
mRun: [ADevCtrl] "c:\program files\acer\device control\ADevCtrl.exe" Start_Run
mRun: [AcerRingLauncher] c:\program files\acer\touchapplicationsuite\acer ring\AcerRingLauncher.exe
mRun: [BackupManagerTray] "c:\program files\nti\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [xLaunchHIDMon] c:\program files\hidmon\HIDMon.exe
mRun: [AutoScreenRotationBlocker] "c:\program files\acer\auto screen rotation blocker\AutoScreenRotationBlocker.exe" Start_Run
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{86D1DD67-6DD2-491B-AA0F-4D59C1EF83BD} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{86D1DD67-6DD2-491B-AA0F-4D59C1EF83BD}\65562796A7F6E602D494649443531303C4029334132402355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{86D1DD67-6DD2-491B-AA0F-4D59C1EF83BD}\D616372307F62747 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-29 64832]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565352]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210136]
R1 BST;Bosch Sensortec BMA150 Driver;c:\windows\system32\drivers\bma150.sys [2012-2-7 15936]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-10-29 54776]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-7 176128]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-12-29 85664]
R2 DsiDeviceControlService;Dritek Device Control Service;c:\program files\acer\device control\DeviceCtrlSvc.exe [2012-2-7 66128]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-2-7 346704]
R2 ePowerSvc;ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2012-3-24 739944]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2011-1-17 29696]
R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2012-2-7 244624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-14 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-14 676936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-10-29 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-10-29 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-10-29 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-10-29 167344]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2010-11-20 7680]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-7 100880]
R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\ax88772b.sys [2012-7-13 91136]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-12-29 25248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-10-29 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-10-29 362640]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-2-7 197224]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-10-29 37504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-12-29 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 297632]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 97952]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-12-29 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-12-29 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-12-29 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-12-29 466080]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-10-29 60480]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-29 146872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-14 40776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-10-29 65488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-10-29 92192]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-12 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-12 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-12 27136]
S4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-10-29 167784]
S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-10-29 167784]
.
=============== Created Last 30 ================
.
2012-12-15 02:16:36 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9c19bc40-e49a-4e8f-b768-80f3b4677942}\mpengine.dll
2012-12-14 23:28:31 -------- dc----w- c:\users\matt\appdata\local\Avg2013
2012-12-14 22:03:12 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-14 22:03:11 -------- dc----w- c:\users\matt\appdata\roaming\Malwarebytes
2012-12-14 22:02:34 -------- dc----w- c:\programdata\Malwarebytes
2012-12-14 22:02:27 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-12-14 22:02:26 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-14 21:35:54 14664 -c--a-w- c:\windows\stinger.sys
2012-12-14 21:34:49 -------- dc----w- c:\program files\stinger
2012-12-14 02:23:00 -------- dc----w- c:\users\matt\appdata\roaming\DriverCure
2012-12-14 02:22:59 -------- dc----w- c:\users\matt\appdata\roaming\SpeedyPC Software
2012-12-14 02:22:31 -------- dc----w- c:\programdata\SpeedyPC Software
2012-12-13 17:48:04 -------- dc----w- c:\users\matt\appdata\roaming\TuneUp Software
2012-12-13 17:39:48 -------- dc-h--w- c:\programdata\Common Files
2012-12-13 17:39:48 -------- dc----w- c:\users\matt\appdata\local\MFAData
2012-12-13 17:39:48 -------- dc----w- c:\programdata\MFAData
2012-12-13 04:34:43 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 04:32:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 04:32:23 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 04:32:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 04:32:15 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-02 01:22:33 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-02 01:22:31 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-02 01:22:31 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-02 01:22:30 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-02 01:22:30 1039360 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2012-12-13 04:40:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 04:40:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 04:40:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 04:40:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 04:40:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 04:40:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 04:40:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 04:40:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 04:40:25 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 04:40:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 04:40:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-13 04:40:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-12-02 01:24:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-11-14 00:31:46 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 00:31:46 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 00:31:46 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 00:31:46 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 00:31:46 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 00:31:45 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 00:31:45 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 00:31:45 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 00:22:51 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 00:22:51 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 00:22:51 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 00:22:51 2560 ----a-w- c:\windows\system32\drivers\en-us\wdf01000.sys.mui
2012-11-14 00:22:02 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 00:22:02 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 00:22:02 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 00:22:02 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 00:22:02 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 00:22:02 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 00:22:02 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 00:20:52 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 00:19:07 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 00:19:07 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-09 12:56:16 60480 -c--a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 12:53:32 210136 -c--a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 12:53:22 167344 -c--a-w- c:\windows\system32\mfevtps.exe
2012-11-09 12:52:22 9648 -c--a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 12:52:12 92192 -c--a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 12:51:12 565352 -c--a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 12:50:20 362640 -c--a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 12:50:00 65488 -c--a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 12:49:40 234824 -c--a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 12:49:10 132912 -c--a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-30 03:23:32 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 03:23:32 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-30 02:53:55 246804 -c--a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-10-12 20:44:29 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 20:44:29 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-25 05:16:36 93672 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 21:23:01.81 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2012 5:20:36 AM
System Uptime: 12/14/2012 8:55:31 PM (1 hours ago)
.
Motherboard: acer | | WT1
Processor: AMD C-60 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 8.877 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 12/14/2012 5:24:59 PM - Removed AVG 2013
RP96: 12/14/2012 5:28:38 PM - Removed AVG 2013
.
==== Installed Programs ======================
.
Acer Auto Screen Rotation Blocker
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Device Control
Acer ePower Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Touch Application Suite
Acer Updater
Acer VCM
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Amazon Kindle
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Ancient Hearts and Spades
Articulate Storyline
Atheros Bluetooth Suite
Atheros Outlook Addin 2010
ATI Catalyst Install Manager
AX88772B Windows 7 Drivers
Backup Manager V3
Bookworm Adventures
Bounce Symphony
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi
clear.fi Client
D3DX10
Dora's Carnival Adventure
Farm Frenzy
Galerie de photos Windows Live
Galería fotográfica de Windows Live
HIDMon
Identity Card
InstallRoot 3.15.1
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Online Backup
McAfee Total Protection
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
MSVCRT
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Shared C Run-time for x86
SocialJogger
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
USBKBTool 1.0.3.6
Virtual Earth 3D (Beta)
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/14/2012 9:23:00 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/14/2012 8:56:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/14/2012 8:55:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc043f828, 0xc0000185, 0x07db3860, 0x87f059cc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121412-29702-01.
12/14/2012 5:34:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/14/2012 5:08:23 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/14/2012 5:08:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0440be0, 0xc0000185, 0x15357860, 0x8817c9cc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121412-27315-01.
12/14/2012 4:31:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/14/2012 4:29:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc043faa8, 0xc0000185, 0x579d0860, 0x87f559cc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121412-31730-01.
12/14/2012 3:32:45 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
12/14/2012 2:55:11 PM, Error: AX88772B [17] -
12/13/2012 8:10:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
.
==== End Of File ===========================
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by pgmigg » December 15th, 2012, 12:34 am

Hello mattsmart1,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 15th, 2012, 12:54 am

Thanks for taking the time to provide assistance!
I do have administrator rights and will comply with the others as you request.
Standing by for additional instructions.
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by pgmigg » December 15th, 2012, 1:10 am

Hello mattsmart1,

Step 1.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then,
Please tell me how you use this computer. Pure home use, log in to work and also home use, school or what?

Step 2.
Security Check
Please download Security Check ... by screen317. Save it to your Desktop.
Alternate download site: Link 2
  1. Right click SecurityCheck.exe and select "Run as administrator...", then follow the onscreen instructions inside of the black box. The program will add a number of progress lines as it performs the scans.
  2. Wait until the program tells you it has copied the information to checkup.txt and a Notepad document also should open automatically with all the information in it.
  3. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Step 3.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the codecheck.txt log file
  3. Answer to my question about how you use your computer.
  4. Contents of checkup.txt report after Security Check run
  5. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
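The TDSSKiller log requested in Step 3 records each scanned service as a line with the file's MD5 and path, followed by a verdict line such as "name - ok". The sketch below is an added example, not part of the original thread and not TDSSKiller's own code: it parses that layout and lists the entries a reviewer would look at first. The sample lines, the ExampleSvc names and the "warning" verdict are constructed for illustration.

```python
import re

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+\s*Scan\s+(?P<section>.+?)\s*=+\s*$")
HASH_RE = re.compile(
    PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")


def _h(n):
    """Constructed 32-digit placeholder standing in for an MD5 value."""
    return f"{n:032X}"


# Constructed sample in the layout of a TDSSKiller scan log (not real output).
SAMPLE_LOG = "\n".join([
    r"11:25:51.0137 1296 ================ Scan system memory ========================",
    r"11:25:51.0137 1296 System memory - ok",
    r"11:25:51.0137 1296 ================ Scan services =============================",
    rf"11:25:51.0277 1296 [ {_h(1)} ] ACPI C:\Windows\system32\drivers\ACPI.sys",
    r"11:25:51.0324 1296 ACPI - ok",
    rf"11:25:51.0683 1296 [ {_h(2)} ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe",
    r"11:25:51.0683 1296 AMD External Events Utility - ok",
    r"11:25:54.0147 1296 COMSysApp - ok",
    rf"11:25:54.0200 1296 [ {_h(3)} ] ExampleSvc C:\Users\Public\example.sys",
    r"11:25:54.0210 1296 ExampleSvc - warning",
    rf"11:25:54.0300 1296 [ {_h(4)} ] ExampleSvc2 C:\Windows\system32\drivers\example2.sys",
])


def _blank():
    return {"md5": None, "path": None, "verdict": None}


def parse_services(log_text):
    """Return {service name: {md5, path, verdict}} for the 'Scan services' section."""
    services = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        section = SECTION_RE.match(line)
        if section:
            in_services = section.group("section").lower() == "services"
            continue
        if not in_services:
            continue
        # Try the hash line first: a path may itself contain " - ".
        hashed = HASH_RE.match(line)
        if hashed:
            rec = services.setdefault(hashed.group("name"), _blank())
            rec["md5"] = hashed.group("md5").upper()
            rec["path"] = hashed.group("path")
            continue
        verdict = VERDICT_RE.match(line)
        if verdict:
            rec = services.setdefault(verdict.group("name"), _blank())
            rec["verdict"] = verdict.group("verdict").strip()
    return services


def review_items(log_text):
    """List (service, reason) pairs that deserve a manual look, in log order."""
    items = []
    for name, rec in parse_services(log_text).items():
        if rec["verdict"] is None:
            items.append((name, "no verdict line"))
        elif rec["verdict"].lower() != "ok":
            items.append((name, "verdict: " + rec["verdict"]))
        elif rec["md5"] is None:
            # Assumption: an "ok" without a hashed file is a manual-review item.
            items.append((name, "ok, but no file hash logged"))
    return items


if __name__ == "__main__":
    for name, reason in review_items(SAMPLE_LOG):
        print(f"{name}: {reason}")
```
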

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 16th, 2012, 1:16 pm

CodeCheck Scan results (only 2 lines of text):

Codecheck Version 1.0

12016
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 16th, 2012, 1:24 pm

One note - McAfee Firewall was back on when I booted up the computer this morning. Appears to still be on.

Security Check results below:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 57% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 16th, 2012, 1:35 pm

No problems executing your instructions. Very clear and detailed.
Regarding use of my tablet - personal/home use only. Mostly use Outlook for personal schedule/tasks and internet browsing.
As mentioned above, Firewall is back on this morning.
Any thought to running these three utilities again when I encounter the problem?
Will wait for additional instructions before doing anything further.

Results of TDSSKiller scan (no objects found):

11:25:58.0125 1296 mfeapfk - ok
11:25:58.0141 1296 [ 39C20B7D9AC19BFE616CA09DD3A240AF ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
11:25:58.0157 1296 mfeavfk - ok
11:25:58.0172 1296 mfeavfk01 - ok
11:25:58.0203 1296 [ E3470DECDA0A4015A0CA00ED645F2EBE ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
11:25:58.0203 1296 mfebopk - ok
11:25:58.0219 1296 [ 4E13EA496E202BCB4FCC342D96FAF83A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:25:58.0235 1296 mfefire - ok
11:25:58.0266 1296 [ C8AC8147E02ED8795E1FD946165BACCF ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
11:25:58.0281 1296 mfefirek - ok
11:25:58.0313 1296 [ 7AAF92954D8D2801B17A1163C60ABFE9 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
11:25:58.0328 1296 mfehidk - ok
11:25:58.0359 1296 [ 62D55D882D58A1250348F324BC0AFC06 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
11:25:58.0359 1296 mferkdet - ok
11:25:58.0375 1296 [ 82B7415D5A8FB24D3F6736400F5E1600 ] mfevtp C:\Windows\system32\mfevtps.exe
11:25:58.0391 1296 mfevtp - ok
11:25:58.0406 1296 [ 15F92BCD5CB189F5CC7D2F2381F179AC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
11:25:58.0422 1296 mfewfpk - ok
11:25:58.0453 1296 Microsoft SharePoint Workspace Audit Service - ok
11:25:58.0484 1296 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
11:25:58.0484 1296 MMCSS - ok
11:25:58.0500 1296 [ 35176FA09A0FC58DB630991A81A0BA39 ] MOBKbackup C:\Program Files\McAfee Online Backup\MOBKbackup.exe
11:25:58.0500 1296 MOBKbackup - ok
11:25:58.0515 1296 [ E896775837A8BCE436348DF460522394 ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys
11:25:58.0531 1296 MOBKFilter - ok
11:25:58.0547 1296 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
11:25:58.0547 1296 Modem - ok
11:25:58.0562 1296 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:25:58.0562 1296 monitor - ok
11:25:58.0578 1296 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:25:58.0593 1296 mouclass - ok
11:25:58.0609 1296 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:25:58.0625 1296 mouhid - ok
11:25:58.0656 1296 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:25:58.0656 1296 mountmgr - ok
11:25:58.0671 1296 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
11:25:58.0687 1296 mpio - ok
11:25:58.0703 1296 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:25:58.0703 1296 mpsdrv - ok
11:25:58.0734 1296 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:25:58.0749 1296 MpsSvc - ok
11:25:58.0765 1296 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:25:58.0781 1296 MRxDAV - ok
11:25:58.0796 1296 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:25:58.0796 1296 mrxsmb - ok
11:25:58.0812 1296 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:25:58.0827 1296 mrxsmb10 - ok
11:25:58.0843 1296 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:25:58.0843 1296 mrxsmb20 - ok
11:25:58.0859 1296 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
11:25:58.0859 1296 msahci - ok
11:25:58.0890 1296 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:25:58.0890 1296 msdsm - ok
11:25:58.0905 1296 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
11:25:58.0921 1296 MSDTC - ok
11:25:58.0952 1296 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:25:58.0952 1296 Msfs - ok
11:25:58.0968 1296 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:25:58.0968 1296 mshidkmdf - ok
11:25:58.0999 1296 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:25:58.0999 1296 msisadrv - ok
11:25:59.0015 1296 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:25:59.0046 1296 MSiSCSI - ok
11:25:59.0061 1296 msiserver - ok
11:25:59.0077 1296 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
11:25:59.0077 1296 MSK80Service - ok
11:25:59.0093 1296 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:25:59.0093 1296 MSKSSRV - ok
11:25:59.0108 1296 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:25:59.0108 1296 MSPCLOCK - ok
11:25:59.0124 1296 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:25:59.0139 1296 MSPQM - ok
11:25:59.0171 1296 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:25:59.0171 1296 MsRPC - ok
11:25:59.0202 1296 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:25:59.0202 1296 mssmbios - ok
11:25:59.0217 1296 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:25:59.0233 1296 MSTEE - ok
11:25:59.0249 1296 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:25:59.0249 1296 MTConfig - ok
11:25:59.0264 1296 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
11:25:59.0264 1296 Mup - ok
11:25:59.0295 1296 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
11:25:59.0311 1296 napagent - ok
11:25:59.0327 1296 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:25:59.0342 1296 NativeWifiP - ok
11:25:59.0358 1296 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:25:59.0373 1296 NDIS - ok
11:25:59.0405 1296 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:25:59.0405 1296 NdisCap - ok
11:25:59.0420 1296 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:25:59.0436 1296 NdisTapi - ok
11:25:59.0451 1296 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:25:59.0451 1296 Ndisuio - ok
11:25:59.0467 1296 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:25:59.0467 1296 NdisWan - ok
11:25:59.0498 1296 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:25:59.0498 1296 NDProxy - ok
11:25:59.0514 1296 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:25:59.0514 1296 NetBIOS - ok
11:25:59.0529 1296 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:25:59.0545 1296 NetBT - ok
11:25:59.0561 1296 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
11:25:59.0561 1296 Netlogon - ok
11:25:59.0576 1296 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
11:25:59.0592 1296 Netman - ok
11:25:59.0623 1296 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
11:25:59.0639 1296 netprofm - ok
11:25:59.0654 1296 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:25:59.0654 1296 NetTcpPortSharing - ok
11:25:59.0670 1296 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:25:59.0685 1296 nfrd960 - ok
11:25:59.0701 1296 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
11:25:59.0717 1296 NlaSvc - ok
11:25:59.0732 1296 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:25:59.0748 1296 Npfs - ok
11:25:59.0763 1296 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
11:25:59.0763 1296 nsi - ok
11:25:59.0779 1296 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:25:59.0779 1296 nsiproxy - ok
11:25:59.0826 1296 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:25:59.0857 1296 Ntfs - ok
11:25:59.0873 1296 [ DFEA13592106CFA2EA654232F22804A1 ] NTI IScheduleSvc C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
11:25:59.0888 1296 NTI IScheduleSvc - ok
11:25:59.0904 1296 [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
11:25:59.0904 1296 NTIDrvr - ok
11:25:59.0919 1296 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
11:25:59.0919 1296 Null - ok
11:25:59.0935 1296 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:25:59.0951 1296 nvraid - ok
11:25:59.0966 1296 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:25:59.0982 1296 nvstor - ok
11:26:00.0013 1296 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:26:00.0013 1296 nv_agp - ok
11:26:00.0029 1296 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:26:00.0029 1296 ohci1394 - ok
11:26:00.0060 1296 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:26:00.0075 1296 ose - ok
11:26:00.0169 1296 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:26:00.0247 1296 osppsvc - ok
11:26:00.0294 1296 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:26:00.0294 1296 p2pimsvc - ok
11:26:00.0325 1296 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
11:26:00.0341 1296 p2psvc - ok
11:26:00.0356 1296 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
11:26:00.0356 1296 Parport - ok
11:26:00.0372 1296 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:26:00.0372 1296 partmgr - ok
11:26:00.0387 1296 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:26:00.0403 1296 Parvdm - ok
11:26:00.0419 1296 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:26:00.0434 1296 PcaSvc - ok
11:26:00.0450 1296 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
11:26:00.0450 1296 pci - ok
11:26:00.0465 1296 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
11:26:00.0481 1296 pciide - ok
11:26:00.0497 1296 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:26:00.0528 1296 pcmcia - ok
11:26:00.0543 1296 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
11:26:00.0543 1296 pcw - ok
11:26:00.0575 1296 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:26:00.0590 1296 PEAUTH - ok
11:26:01.0089 1296 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
11:26:01.0121 1296 pla - ok
11:26:01.0136 1296 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:26:01.0152 1296 PlugPlay - ok
11:26:01.0167 1296 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:26:01.0183 1296 PNRPAutoReg - ok
11:26:01.0199 1296 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:26:01.0199 1296 PNRPsvc - ok
11:26:01.0230 1296 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:26:01.0370 1296 PolicyAgent - ok
11:26:01.0386 1296 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
11:26:01.0401 1296 Power - ok
11:26:01.0417 1296 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:26:01.0433 1296 PptpMiniport - ok
11:26:01.0448 1296 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
11:26:01.0448 1296 Processor - ok
11:26:01.0464 1296 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
11:26:01.0479 1296 ProfSvc - ok
11:26:01.0495 1296 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:26:01.0495 1296 ProtectedStorage - ok
11:26:01.0511 1296 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:26:01.0526 1296 Psched - ok
11:26:01.0589 1296 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:26:01.0635 1296 ql2300 - ok
11:26:01.0667 1296 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:26:01.0667 1296 ql40xx - ok
11:26:01.0682 1296 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:26:01.0698 1296 QWAVE - ok
11:26:01.0713 1296 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:26:01.0729 1296 QWAVEdrv - ok
11:26:01.0745 1296 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:26:01.0745 1296 RasAcd - ok
11:26:01.0760 1296 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:26:01.0760 1296 RasAgileVpn - ok
11:26:01.0776 1296 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:26:01.0791 1296 RasAuto - ok
11:26:01.0807 1296 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:01.0807 1296 Rasl2tp - ok
11:26:01.0823 1296 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:26:01.0838 1296 RasMan - ok
11:26:01.0869 1296 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:01.0869 1296 RasPppoe - ok
11:26:01.0885 1296 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:26:01.0885 1296 RasSstp - ok
11:26:01.0916 1296 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:26:01.0916 1296 rdbss - ok
11:26:01.0932 1296 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:26:01.0932 1296 rdpbus - ok
11:26:01.0947 1296 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:01.0963 1296 RDPCDD - ok
11:26:01.0994 1296 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:26:01.0994 1296 RDPENCDD - ok
11:26:02.0025 1296 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:26:02.0025 1296 RDPREFMP - ok
11:26:02.0041 1296 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:26:02.0057 1296 RdpVideoMiniport - ok
11:26:02.0072 1296 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:26:02.0072 1296 RDPWD - ok
11:26:02.0103 1296 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:26:02.0103 1296 rdyboost - ok
11:26:02.0119 1296 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:26:02.0135 1296 RemoteAccess - ok
11:26:02.0150 1296 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:26:02.0166 1296 RemoteRegistry - ok
11:26:02.0181 1296 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:26:02.0181 1296 RFCOMM - ok
11:26:02.0197 1296 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:26:02.0213 1296 RpcEptMapper - ok
11:26:02.0228 1296 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:26:02.0228 1296 RpcLocator - ok
11:26:02.0259 1296 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
11:26:02.0259 1296 RpcSs - ok
11:26:02.0275 1296 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:26:02.0291 1296 rspndr - ok
11:26:02.0306 1296 [ 247B0A8164069CD4FE6F3094C581B13B ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
11:26:02.0322 1296 RSUSBSTOR - ok
11:26:02.0337 1296 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
11:26:02.0353 1296 RS_Service - ok
11:26:02.0353 1296 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
11:26:02.0369 1296 SamSs - ok
11:26:02.0400 1296 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:26:02.0400 1296 sbp2port - ok
11:26:02.0415 1296 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:26:02.0431 1296 SCardSvr - ok
11:26:02.0447 1296 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:26:02.0447 1296 scfilter - ok
11:26:02.0478 1296 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:26:02.0493 1296 Schedule - ok
11:26:02.0509 1296 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:26:02.0525 1296 SCPolicySvc - ok
11:26:02.0540 1296 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:26:02.0556 1296 SDRSVC - ok
11:26:02.0571 1296 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:26:02.0571 1296 secdrv - ok
11:26:02.0587 1296 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:26:02.0603 1296 seclogon - ok
11:26:02.0618 1296 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
11:26:02.0634 1296 SENS - ok
11:26:02.0634 1296 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:26:02.0649 1296 SensrSvc - ok
11:26:02.0665 1296 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:26:02.0665 1296 Serenum - ok
11:26:02.0696 1296 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
11:26:02.0696 1296 Serial - ok
11:26:02.0712 1296 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:26:02.0712 1296 sermouse - ok
11:26:02.0759 1296 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:26:02.0774 1296 SessionEnv - ok
11:26:02.0790 1296 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:26:02.0790 1296 sffdisk - ok
11:26:02.0805 1296 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:26:02.0805 1296 sffp_mmc - ok
11:26:02.0821 1296 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:26:02.0837 1296 sffp_sd - ok
11:26:02.0852 1296 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:26:02.0852 1296 sfloppy - ok
11:26:02.0883 1296 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:26:02.0883 1296 SharedAccess - ok
11:26:02.0915 1296 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:26:02.0930 1296 ShellHWDetection - ok
11:26:02.0946 1296 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:26:02.0946 1296 sisagp - ok
11:26:02.0977 1296 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:26:02.0977 1296 SiSRaid2 - ok
11:26:02.0993 1296 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:26:02.0993 1296 SiSRaid4 - ok
11:26:03.0008 1296 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:26:03.0024 1296 Smb - ok
11:26:03.0055 1296 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:26:03.0071 1296 SNMPTRAP - ok
11:26:03.0086 1296 [ BEC896D3C6BB1FA7626D87B46B8394DF ] SnxUsbDockingKB2267Srv C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
11:26:03.0086 1296 SnxUsbDockingKB2267Srv - ok
11:26:03.0102 1296 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:26:03.0102 1296 spldr - ok
11:26:03.0117 1296 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
11:26:03.0133 1296 Spooler - ok
11:26:03.0211 1296 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:26:03.0273 1296 sppsvc - ok
11:26:03.0289 1296 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:26:03.0305 1296 sppuinotify - ok
11:26:03.0320 1296 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:26:03.0320 1296 srv - ok
11:26:03.0351 1296 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:26:03.0351 1296 srv2 - ok
11:26:03.0367 1296 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:26:03.0398 1296 srvnet - ok
11:26:03.0414 1296 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:26:03.0429 1296 SSDPSRV - ok
11:26:03.0445 1296 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:26:03.0445 1296 SstpSvc - ok
11:26:03.0461 1296 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:26:03.0461 1296 stexstor - ok
11:26:03.0492 1296 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:26:03.0507 1296 StiSvc - ok
11:26:03.0523 1296 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
11:26:03.0539 1296 swenum - ok
11:26:03.0554 1296 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:26:03.0570 1296 swprv - ok
11:26:03.0601 1296 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:26:03.0632 1296 SysMain - ok
11:26:03.0648 1296 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:26:03.0663 1296 TabletInputService - ok
11:26:03.0679 1296 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:26:03.0695 1296 TapiSrv - ok
11:26:03.0710 1296 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:26:03.0726 1296 TBS - ok
11:26:03.0757 1296 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:26:03.0788 1296 Tcpip - ok
11:26:03.0819 1296 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:26:03.0851 1296 TCPIP6 - ok
11:26:03.0866 1296 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:26:03.0866 1296 tcpipreg - ok
11:26:03.0897 1296 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:26:03.0897 1296 TDPIPE - ok
11:26:03.0913 1296 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:26:03.0929 1296 TDTCP - ok
11:26:03.0944 1296 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:26:03.0944 1296 tdx - ok
11:26:03.0960 1296 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:26:03.0960 1296 TermDD - ok
11:26:03.0991 1296 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
11:26:04.0007 1296 TermService - ok
11:26:04.0022 1296 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:26:04.0038 1296 Themes - ok
11:26:04.0053 1296 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:26:04.0053 1296 THREADORDER - ok
11:26:04.0069 1296 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:26:04.0085 1296 TrkWks - ok
11:26:04.0100 1296 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:26:04.0100 1296 TrustedInstaller - ok
11:26:04.0131 1296 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:04.0131 1296 tssecsrv - ok
11:26:04.0147 1296 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:26:04.0163 1296 TsUsbFlt - ok
11:26:04.0178 1296 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:26:04.0178 1296 TsUsbGD - ok
11:26:04.0194 1296 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:26:04.0209 1296 tunnel - ok
11:26:04.0225 1296 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:26:04.0225 1296 uagp35 - ok
11:26:04.0241 1296 [ D79C0B9BB011218B93705CBF77FA3E5E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
11:26:04.0256 1296 UBHelper - ok
11:26:04.0272 1296 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:26:04.0272 1296 udfs - ok
11:26:04.0303 1296 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:26:04.0319 1296 UI0Detect - ok
11:26:04.0334 1296 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:26:04.0350 1296 uliagpkx - ok
11:26:04.0365 1296 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:26:04.0365 1296 umbus - ok
11:26:04.0381 1296 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:26:04.0381 1296 UmPass - ok
11:26:04.0412 1296 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:26:04.0428 1296 upnphost - ok
11:26:04.0443 1296 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:04.0443 1296 usbccgp - ok
11:26:04.0459 1296 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:26:04.0475 1296 usbcir - ok
11:26:04.0490 1296 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:26:04.0490 1296 usbehci - ok
11:26:04.0521 1296 [ 08369F1FDD7C0D4287373D253D64D75E ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
11:26:04.0521 1296 usbfilter - ok
11:26:04.0537 1296 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:26:04.0553 1296 usbhub - ok
11:26:04.0568 1296 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:26:04.0568 1296 usbohci - ok
11:26:04.0584 1296 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
11:26:04.0599 1296 usbprint - ok
11:26:04.0615 1296 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:04.0615 1296 USBSTOR - ok
11:26:04.0631 1296 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:26:04.0646 1296 usbuhci - ok
11:26:04.0662 1296 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:26:04.0662 1296 usbvideo - ok
11:26:04.0677 1296 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:26:04.0709 1296 UxSms - ok
11:26:04.0724 1296 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
11:26:04.0724 1296 VaultSvc - ok
11:26:04.0740 1296 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:26:04.0740 1296 vdrvroot - ok
11:26:04.0771 1296 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:26:04.0787 1296 vds - ok
11:26:04.0802 1296 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:04.0802 1296 vga - ok
11:26:04.0818 1296 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:26:04.0833 1296 VgaSave - ok
11:26:04.0849 1296 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:26:04.0865 1296 vhdmp - ok
11:26:04.0880 1296 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:26:04.0880 1296 viaagp - ok
11:26:04.0896 1296 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
11:26:04.0911 1296 ViaC7 - ok
11:26:04.0927 1296 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:26:04.0927 1296 viaide - ok
11:26:06.0752 1296 ================ Scan global ===============================
11:26:06.0768 1296 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:26:06.0924 1296 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:26:06.0939 1296 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:26:06.0955 1296 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:26:06.0986 1296 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:26:07.0002 1296 [Global] - ok
11:26:07.0002 1296 ================ Scan MBR ==================================
11:26:07.0002 1296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:26:07.0220 1296 \Device\Harddisk0\DR0 - ok
11:26:07.0236 1296 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
11:26:07.0267 1296 \Device\Harddisk1\DR1 - ok
11:26:07.0267 1296 ================ Scan VBR ==================================
11:26:07.0267 1296 [ E1F668C6A6DB4F313034DB9EEACA41E6 ] \Device\Harddisk0\DR0\Partition1
11:26:07.0267 1296 \Device\Harddisk0\DR0\Partition1 - ok
11:26:07.0283 1296 [ 23BE2A19046E23F48D8FADC93EA86273 ] \Device\Harddisk0\DR0\Partition2
11:26:07.0298 1296 \Device\Harddisk0\DR0\Partition2 - ok
11:26:07.0314 1296 [ D87DCB1D523B7861A27458D8A1888101 ] \Device\Harddisk1\DR1\Partition1
11:26:07.0314 1296 \Device\Harddisk1\DR1\Partition1 - ok
11:26:07.0314 1296 ============================================================
11:26:07.0314 1296 Scan finished
11:26:07.0314 1296 ============================================================
11:26:07.0361 4056 Detected object count: 0
11:26:07.0361 4056 Actual detected object count: 0
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by pgmigg » December 16th, 2012, 9:16 pm

Hello mattsmart1,
"One note - McAfee Firewall was back on when I booted up the computer this morning. Appears to still be on."
Good job! :) It is nice to hear such news...
"Any thought to running these three utilities again when I encounter the problem?"
No. My task here is to make your computer malware-free, and I try to find symptoms of any kind of infection.

I cannot connect the fact that your McAfee Firewall was back on to the runs of three different scanners. But I would like to note that every type of defense program should be installed and run in one instance. Please look: you have McAfee Firewall and Windows 7 Firewall, and both of them can interfere with each other. The Windows 7 Firewall is strong enough and I can recommend you leave it alone.

Let's continue our treatment...

Step 1.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

Step 2.
OTL - Run a Special Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
    
  5. Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins)...
  6. When finished it will produce two logs:
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  7. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file
  3. Contents of the Extras.txt log file

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
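
For triaging the OTL.txt log requested above, the following added example (not part of the original thread and not OTL's own code) parses service and driver lines in the `SRV - ...` / `DRV - ...` layout that OTL writes and lists the entries worth a second look. The sample lines and the names in them are constructed, and the four triage rules are assumptions chosen for illustration.

```python
import re
from collections import namedtuple

# Constructed sample lines that follow the SRV/DRV layout of an OTL.txt log.
# Vendor, path and service names are made up for this example.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========

SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (Example Vendor, Inc.) [Auto | Running] -- C:\Program Files\Example\SvcHost.exe -- (ExampleAV)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (Example Vendor, Inc.) [Disabled | Stopped] -- C:\Program Files\Example\SvcHost.exe -- (ExampleFirewall)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Example Scanner Corp) [Auto | Stopped] -- C:\Program Files\Scanner\scansvc.exe -- (ExampleScanner)
SRV - [2011/02/04 03:12:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Tool\Helper.exe -- (Helper Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (exampledrv01)
DRV - [2012/11/09 06:53:32 | 000,210,136 | ---- | M] (Example Vendor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\exfw.sys -- (exfw)
"""

# One entry is either "[timestamp | size | attrs | M] (company)" or the
# literal "File not found", followed by "[flags] -- path -- (service name)".
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)|(?P<missing>File not found))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>.*)\)$"
)

Entry = namedtuple("Entry", "kind name company start state path missing")


def parse_entries(text):
    """Return an Entry for every SRV/DRV line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        # SRV flags are "start | state"; DRV flags are "type | start | state".
        flags = [f.strip() for f in m.group("flags").split("|")]
        if len(flags) < 2:
            continue
        entries.append(Entry(
            kind=m.group("kind"),
            name=m.group("name"),
            company=(m.group("company") or "").strip(),
            start=flags[-2],
            state=flags[-1],
            path=m.group("path").strip(),
            missing=m.group("missing") is not None,
        ))
    return entries


def triage(entries):
    """Map service name -> list of reasons a reviewer should look at it.

    Illustrative rules (assumptions, not OTL behaviour):
      * the backing file was not found
      * the file carries no company name
      * the start type is Disabled
      * the service should start automatically but is stopped
    """
    findings = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file not found")
        elif not e.company:
            reasons.append("no company name")
        if e.start == "Disabled":
            reasons.append("start type disabled")
        elif e.start in ("Auto", "Boot", "System") and e.state == "Stopped":
            reasons.append("auto-start but stopped")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is a prompt to inspect it, not a detection; legitimate vendor files can also show an empty company field.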

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 16th, 2012, 11:34 pm

Results of OTL scan (OTL.log):

OTL logfile created on: 12/16/2012 8:25:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 58.69% Memory free
2.09 Gb Paging File | 0.81 Gb Available in Paging File | 38.55% Paging File free
Paging file location(s): C:\pagefile.sys 500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.72 Gb Total Space | 8.88 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive D: | 29.71 Gb Total Space | 19.23 Gb Free Space | 64.74% Space Free | Partition Type: FAT32

Computer Name: MATTTABLET | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 20:22:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2012/12/12 22:41:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 11:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/09/10 20:08:30 | 000,513,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/12/29 13:54:36 | 000,870,048 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/12/29 13:51:06 | 000,695,456 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/12/29 13:50:30 | 000,085,664 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/08/02 13:00:04 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011/08/02 13:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/08/02 12:59:58 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2011/07/13 20:13:32 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/05/26 00:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2011/05/24 21:26:46 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/24 09:03:56 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/05/24 09:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/05/12 00:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/11 21:38:12 | 000,116,304 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe
PRC - [2011/04/11 05:00:37 | 000,241,232 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
PRC - [2011/04/11 05:00:37 | 000,107,600 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\AdWmiSvc.exe
PRC - [2011/04/11 05:00:37 | 000,066,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe
PRC - [2011/04/09 22:32:08 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/09 22:31:50 | 000,377,664 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/03/30 00:10:08 | 003,594,624 | ---- | M] (Acer) -- C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\Acer Ring.exe
PRC - [2011/02/11 06:49:46 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/02/11 06:49:44 | 001,070,160 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/02/11 06:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/02/11 03:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
PRC - [2011/02/04 03:12:38 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
PRC - [2011/01/18 00:52:56 | 001,530,472 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/11/20 15:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 15:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/04/13 19:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 12:42:40 | 012,549,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\474914b7c8b9b5056943488991a57edc\System.Windows.Forms.ni.dll
MOD - [2012/11/15 12:42:21 | 001,595,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll
MOD - [2012/11/15 12:42:16 | 014,694,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ce4a51998cc869afd39f6c01fa1801ff\PresentationFramework.ni.dll
MOD - [2012/11/15 12:41:36 | 012,678,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ea10f3231995d893967a191b9d19805\PresentationCore.ni.dll
MOD - [2012/11/15 12:41:04 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\10dca0c97b8703d895d026e645b6a1bc\WindowsBase.ni.dll
MOD - [2012/11/15 12:40:56 | 000,240,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bcafb3d47862dd66058f7707674a6f5b\WindowsFormsIntegration.ni.dll
MOD - [2012/11/15 12:38:18 | 002,299,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\112c4cef4284c5c518cc513d211dfb8f\System.Core.ni.dll
MOD - [2012/11/15 12:36:03 | 011,959,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a865d59ff4afed0781473f36b4380e49\System.Web.ni.dll
MOD - [2012/11/15 07:45:18 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll
MOD - [2012/11/15 07:44:30 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b0c89de727ba3d9160a77cc47638f759\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 07:20:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll
MOD - [2012/11/13 20:37:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/13 20:32:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/13 20:29:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/13 18:52:42 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 17:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/10 17:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 17:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/05/25 01:50:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/04/11 05:00:37 | 000,241,232 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
MOD - [2011/04/11 05:00:37 | 000,057,424 | ---- | M] () -- C:\Program Files\Acer\Device Control\BrandDetection.dll
MOD - [2011/04/09 22:32:40 | 000,465,640 | ---- | M] () -- C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/04/09 22:32:22 | 001,081,664 | ---- | M] () -- C:\Program Files\NTI\Acer Backup Manager\ACE.dll
MOD - [2011/03/22 12:17:54 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/11 03:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/11/16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/05/30 16:23:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/29 13:50:30 | 000,085,664 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/08/02 13:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/05/26 00:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/24 09:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/04/11 05:00:37 | 000,066,128 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe -- (DsiDeviceControlService)
SRV - [2011/04/09 22:32:08 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/11 06:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/04 03:12:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe -- (SnxUsbDockingKB2267Srv)
SRV - [2010/12/27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/13 19:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2012/12/12 22:41:52 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/12/12 22:41:52 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/11/09 06:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/14 15:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2012/08/23 08:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/13 01:51:38 | 000,091,136 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ax88772b.sys -- (AX88772B)
DRV - [2012/04/20 15:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2011/12/29 14:00:00 | 000,466,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/12/29 13:59:12 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/12/29 13:59:00 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/12/29 13:58:24 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/12/29 13:58:12 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/12/29 13:57:54 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/12/29 13:57:42 | 000,097,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011/12/29 13:57:24 | 000,297,632 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/11/30 04:28:22 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/24 10:25:50 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/05/24 08:25:22 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 00:46:38 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/10 06:59:36 | 000,015,936 | ---- | M] (Bosch Sensortec GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\bma150.sys -- (BST)
DRV - [2010/12/16 10:06:46 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/29 02:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/13 19:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3005540169-2879669657-3892385541-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-3005540169-2879669657-3892385541-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/#
IE - HKU\S-1-5-21-3005540169-2879669657-3892385541-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3005540169-2879669657-3892385541-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/04 14:58:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/12/16 17:51:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/23 22:51:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20121212225453.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AcerRingLauncher] C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\AcerRingLauncher.exe (Acer)
O4 - HKLM..\Run: [ADevCtrl] C:\Program Files\Acer\Device Control\ADevCtrl.exe ()
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AutoScreenRotationBlocker] C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe (Dritek System Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [xLaunchHIDMon] C:\Program Files\HIDMon\HIDMON.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86D1DD67-6DD2-491B-AA0F-4D59C1EF83BD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 11:07:19 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/12/14 17:28:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Avg2013
[2012/12/14 17:26:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/14 16:03:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2012/12/14 16:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/14 16:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/14 16:02:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/14 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/14 15:35:54 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/12/14 15:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/12/13 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\DriverCure
[2012/12/13 20:22:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
[2012/12/13 20:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/12/13 11:48:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2012/12/13 11:39:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/12/13 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\MFAData
[2012/12/13 11:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/12/12 22:41:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/12 22:41:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/12/12 22:41:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/12 22:41:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/12/12 22:41:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/12/12 22:41:18 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys
[2012/12/12 22:41:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/12/12 22:41:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/12/12 22:41:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/12/12 22:41:14 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/12/12 22:41:14 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/12/12 22:41:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/12/12 22:41:14 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/12/12 22:41:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/12/12 22:41:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/12/12 22:41:13 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/12/12 22:39:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/12 22:39:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/12 22:39:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/12 22:39:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/12 22:39:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/12 22:39:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/12 22:39:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/12 22:39:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/12 22:34:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/12 22:33:38 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/12 22:33:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/12 22:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 22:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 22:33:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 22:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 22:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 22:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 22:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 22:33:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 22:33:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 22:33:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 22:33:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 22:33:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 22:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 22:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 22:33:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 22:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 22:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 22:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 22:33:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 22:33:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 22:33:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 22:33:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 22:33:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 22:33:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 22:33:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 22:33:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 22:33:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 22:33:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 22:32:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/12 22:32:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/12 22:32:19 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/12 22:32:15 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/01 19:22:30 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/30 09:50:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\SG Test

========== Files - Modified Within 30 Days ==========

[2012/12/16 17:42:36 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/16 17:42:36 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/16 17:42:12 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012/12/16 11:09:59 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 11:09:59 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 11:07:26 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/12/16 11:06:40 | 000,856,731 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2012/12/16 11:05:39 | 000,013,824 | ---- | M] () -- C:\Users\Matt\Desktop\codecheck.exe
[2012/12/16 11:02:11 | 860,827,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/14 16:02:49 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/14 15:35:54 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/12/13 20:24:55 | 000,002,484 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/12/13 20:24:55 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Migration and Sync Wizard.lnk
[2012/12/13 20:24:54 | 000,001,403 | ---- | M] () -- C:\Users\Matt\Desktop\Install Windows.lnk
[2012/12/13 20:24:32 | 000,001,109 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/12/13 12:29:00 | 000,001,270 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/13 07:12:14 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/12/12 22:44:52 | 000,430,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/12 22:42:14 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/12 22:41:52 | 002,739,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/12/12 22:41:52 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/12/12 22:41:52 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/12/12 22:41:52 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/12/12 22:41:52 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/12/12 22:41:52 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/12/12 22:41:52 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/12/12 22:41:52 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/12/12 22:41:52 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/12/12 22:41:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/12/12 22:41:52 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/12/12 22:41:52 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/12/12 22:41:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/12 22:41:52 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/12/12 22:41:52 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/12 22:41:52 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
[2012/12/12 22:41:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/12 22:41:00 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/12 22:41:00 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 22:41:00 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 22:41:00 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 22:41:00 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 22:41:00 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 22:41:00 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 22:41:00 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 22:41:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 22:40:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 22:40:59 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 22:40:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 22:40:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 22:40:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 22:40:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 22:40:38 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/12 22:40:25 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/12 22:40:25 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/12 22:40:25 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/12 22:40:25 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/12 22:40:25 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/12 22:40:25 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/12 22:40:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/12 22:40:25 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/12 22:39:29 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/12 22:39:29 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/12 22:39:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/01 19:24:31 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/17 22:29:51 | 000,000,017 | ---- | M] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2012/12/16 11:06:12 | 000,856,731 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2012/12/16 11:05:39 | 000,013,824 | ---- | C] () -- C:\Users\Matt\Desktop\codecheck.exe
[2012/12/14 16:02:49 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/02 20:45:58 | 009,811,852 | ---- | C] () -- C:\Users\Matt\Desktop\IITSEC2012ProgramGuide.pdf
[2012/11/17 22:29:51 | 000,000,017 | ---- | C] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg
[2012/10/29 20:10:12 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/29 11:16:08 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/05 10:05:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/24 05:19:51 | 000,001,220 | ---- | C] () -- C:\Windows\SYSTEMCD.dat
[2012/03/24 05:19:51 | 000,000,620 | ---- | C] () -- C:\Windows\LPCD.dat
[2012/03/24 05:19:51 | 000,000,476 | ---- | C] () -- C:\Windows\RCD.dat
[2012/03/24 05:19:51 | 000,000,066 | ---- | C] () -- C:\Windows\NAPP.dat
[2012/02/07 12:09:44 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012/02/07 12:09:44 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012/02/07 12:09:44 | 000,029,494 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2012/02/07 12:09:44 | 000,002,084 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012/02/07 12:09:44 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012/02/07 12:09:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2012/02/07 12:09:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012/02/07 12:09:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012/02/07 12:09:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012/02/07 12:09:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2012/02/07 12:09:44 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012/02/07 12:09:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/07 11:43:46 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/02/07 11:43:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/12/29 13:02:56 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/05/25 01:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/02 21:43:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Acer
[2012/06/21 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DoD-PKE
[2012/12/13 20:23:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DriverCure
[2012/08/09 09:34:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FPMI
[2012/08/28 21:42:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\KeePass
[2012/05/31 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PowerCinema
[2012/12/13 20:22:59 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
[2012/06/02 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TouchBrowser
[2012/12/13 11:48:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2012/06/02 16:29:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/02/07 11:47:57 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/12/16 11:02:11 | 860,827,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/16 11:02:14 | 524,288,000 | -HS- | M] () -- C:\pagefile.sys
[2012/12/16 11:35:46 | 000,139,158 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_16.12.2012_11.24.56_log.txt

< MD5 for: AGP440.SYS >
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011/07/13 20:17:23 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/07/13 20:17:23 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/07/13 20:17:23 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/07/13 20:17:23 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 15:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 15:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 15:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVRAID.SYS >
[2010/11/20 15:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 15:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/07/13 20:17:23 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/07/13 20:17:23 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/07/13 20:17:23 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/07/13 20:17:23 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/07/13 20:17:23 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/07/13 20:17:23 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/07/13 20:17:23 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/07/13 20:17:23 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 15:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 15:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 15:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\cfwids.sys
[2012/12/01 19:24:30 | 000,369,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2012/12/01 19:24:30 | 000,136,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeapfk.sys
[2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeavfk.sys
[2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfebopk.sys
[2012/11/09 06:52:22 | 000,009,648 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeclnk.sys
[2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfefirek.sys
[2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys
[2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mferkdet.sys
[2012/11/09 06:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfewfpk.sys
[2012/12/12 22:41:52 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpvideominiport.sys
[2012/11/13 18:31:45 | 001,293,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012/11/13 18:31:45 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys
[2012/12/12 22:41:52 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\TsUsbFlt.sys
[2012/11/13 18:22:51 | 000,526,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Wdf01000.sys
[2012/11/13 18:22:51 | 000,047,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WdfLdr.sys
[2012/11/13 18:22:02 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFPf.sys
[2012/11/13 18:22:02 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFRd.sys

< %PROGRAMFILES%\*. >
[2012/03/24 05:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2012/11/04 14:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Games
[2012/10/29 21:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/02/07 12:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\AMD APP
[2012/03/24 04:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\ASIX Electronics Corporation
[2012/02/07 12:06:08 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2012/02/07 12:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2012/05/30 16:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Barnes & Noble
[2012/11/04 14:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Bluetooth Suite
[2012/12/14 07:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/03/24 04:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2012/08/07 09:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\DoD-PKE
[2010/11/20 18:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/11/04 14:58:37 | 000,000,000 | ---D | M] -- C:\Program Files\HIDMon
[2012/10/29 20:11:58 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/12/12 22:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/11/08 20:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/11/04 14:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2012/12/14 16:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/29 11:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2012/12/12 22:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2012/11/04 14:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Online Backup
[2012/10/29 21:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2012/10/29 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\McAfeeMOBK
[2012/10/29 20:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/05/30 20:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/11/20 18:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/05/30 20:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/11/04 14:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/05/30 20:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/05/30 20:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2012/05/30 20:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2012/11/04 14:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Touch Pack for Windows 7
[2012/05/30 20:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/07 12:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2012/05/30 16:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/05/30 20:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/05/30 21:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2012/02/07 20:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\NTI
[2012/06/21 10:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2012/05/31 04:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\Preload
[2012/02/07 12:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/13 22:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/11/04 14:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\SocialJogger
[2012/12/14 16:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\stinger
[2012/11/04 14:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2012/02/07 12:10:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2009/07/13 22:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/11/04 14:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\USBKBTool
[2012/11/04 14:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2012/03/24 04:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent Games
[2010/11/20 18:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/30 15:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/03/24 05:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/11/20 18:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/11/04 14:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 22:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/20 18:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010/11/20 15:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/11/04 14:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-12-15 02:16:49

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >

< >
[2009/07/13 22:53:46 | 000,032,582 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 22:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< End of report >
mattsmart1

Re: McAfee Firewall Turning Off Automatically

by mattsmart1 » December 16th, 2012, 11:38 pm

Very clear instructions again and had no problems running the scan.
Contents of the Extras.txt file:

OTL Extras logfile created on: 12/16/2012 8:25:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 58.69% Memory free
2.09 Gb Paging File | 0.81 Gb Available in Paging File | 38.55% Paging File free
Paging file location(s): C:\pagefile.sys 500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.72 Gb Total Space | 8.88 Gb Free Space | 29.86% Space Free | Partition Type: NTFS
Drive D: | 29.71 Gb Total Space | 19.23 Gb Free Space | 64.74% Space Free | Partition Type: FAT32

Computer Name: MATTTABLET | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6EF3C6-FED6-45BD-BB21-19AB850E1F6C}" = lport=138 | protocol=17 | dir=in | app=system |
"{0EE99154-B1C3-416D-9FAC-0C8AD94AA018}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18115EBD-DBBD-4383-A3D9-B186104359DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F014886-A19B-45B3-B26F-F56036C543C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{293F8A73-7690-41E8-942E-B8896AAE8E91}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{308E386D-D006-423D-9C1C-7071146CBA00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40587D3C-B248-4419-B4F1-8C885820559C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42989ABA-4616-4C1C-9862-11CC3FD4CFB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{54751FE9-92FB-4FBE-B27D-AD5DC7CD693E}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B967A06-B387-48DD-91DB-07DB6CC7C1D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{6221FF99-1F8B-4FDB-B0F9-41679AE15B34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{647DF4DF-5CE5-4664-A4EC-5AD22272D5C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6ED1C824-44E2-426D-BEC4-4245DBDCEDC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76944A16-21CC-4459-8549-35F92FB0FBD1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A235F8C5-1A75-4328-8656-DDE0C0702632}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2B21B86-B113-4C6C-BB33-22E691279061}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3A49EF0-C5AD-43CF-AC9E-284FC4613CA4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4CF02BF-C11C-4179-873A-99C4B3787F7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE14CE1F-9FFA-44FE-BBB7-09CE96E4320B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFDC2987-6BB5-425B-9605-084E87BE9047}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC41F616-A06F-4FCB-8A50-A9A783FB88DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1B4CCC5-6DB5-400B-93A1-854908F6B17E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8EDE89-D4AD-4421-A46A-C2FAEE450F3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{F16F2949-2CE5-4FDC-A2DB-D155A946ACFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590A102-83B4-415B-9DAF-0BB88A4F9845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10F13369-69B0-417E-A64F-1E8101199F1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1171715F-F34C-487B-9DD2-4955E5FC2B2F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2EF34501-1E89-4BD4-89D7-F76EAAF7CC4A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2F5974FC-80E2-4C6B-A9B7-D60B1B8781BF}" = protocol=6 | dir=out | app=system |
"{2FB40AA0-5337-47B0-9958-615230F70E7B}" = dir=in | app=c:\program files\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{337AEE22-FF87-4945-8352-52F38FD2C667}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{38491526-75F8-48BA-9399-3B2EAE966F86}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{38F572E1-C15C-498A-A4AC-772269FCD4C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{3951D34A-525E-4FAC-8742-BE16206BA809}" = dir=in | app=c:\program files\acer\clear.fi\mvp\clear.fi.exe |
"{3CC88A61-5408-467B-B39D-D39357B1C0A0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{5269E9A7-4E5D-4542-8511-FF293A084B0A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{542B4028-A37D-4505-B632-D3945A94A6C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5765981C-A1CC-49AC-A963-FCC9B9C4FC80}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{58DDF36A-FEEF-4BEB-B37D-70DCA9872CE8}" = dir=in | app=c:\program files\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{68B0C915-0E7F-4CD2-804F-D6A53720812A}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{697E90D2-E634-47E0-9F15-A6C41A68980D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{76D15CEA-382A-432D-B342-8D2794CF0C47}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{790FDB95-36C4-44BC-81DE-DB865BAEF359}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7AE159DA-F524-4302-8D82-6D32D2EDC406}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{7F1E05EB-0592-4D62-9106-89F5396BBED2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87B7EB33-0168-4DEC-BCFB-080338599CE4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{8AAE5FCF-2F2B-40B3-98D1-DE194670A690}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B8D7328-F182-49A5-B01F-DFAC0A97F3B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A19C53A-8695-4DAE-A42B-BD218EF037D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A57B3DF-6D7A-428B-A35E-41BC55E156C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{A62E56FC-BE24-4A6B-A2AC-B0C7079ADEFA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AA446315-F0B4-4886-83EA-2CE07365A3D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC8F9E64-4DE8-4D8A-893E-D48D7D8FFAD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD062C43-433A-4249-9EE3-F969E763FF2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6F602CB-EA2B-4416-A304-6F7A3EF48938}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B77F3CDB-F0AF-4DA9-B66E-2294626B5F32}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BF931637-DA7D-4146-998F-8472E25E1DF9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{C3143C34-81C6-4978-A6FE-2442995B67E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2D1D808-087B-4F52-A225-E561DF86CCFE}" = dir=in | app=c:\program files\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{D3466E09-34F5-408D-BF64-5E67827BB79C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D720D4A8-7BDC-4949-AC64-ACE3196E8BC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E0ACBEC3-B602-4982-8163-E4FF48F6BC72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1D9C533-B543-4A4B-89F7-7E9E6C252F06}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F3468C2F-8C27-4482-A2A8-FAD86B7B2D99}" = dir=in | app=c:\program files\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{F408E723-4B15-470D-A744-887FD94E9333}" = dir=in | app=c:\program files\acer\clear.fi\mvp\clear.fiagent.exe |
"{F98E9079-1974-4E84-A577-82AECB0BB688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB84EC13-A851-437B-81B0-7B0DB6956D0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0405D5EE-76D3-457F-A50F-6CF75D2392D7}" = InstallRoot 3.15.1
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy
"{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C572D82-7E38-4A13-932A-D651AA95E1E9}" = Acer Touch Application Suite
"{1E5E3218-7E21-CA40-5C99-1C3F08C18C85}" = AMD Media Foundation Decoders
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional
"{24B8FFCE-EECA-FF6B-5958-AC3913C5DC7D}" = ATI Catalyst Install Manager
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese
"{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = SocialJogger
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7166D240-F1EE-4044-B0F3-F6AB1AF8AE72}" = HIDMon
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish
"{87CEDA87-B520-0F6C-0435-186697E523AB}" = ccc-utility
"{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard
"{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCFECF64-F0E9-4DAA-8E5E-261DA7A00E10}" = Articulate Storyline
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"ADevCtrl" = Acer Device Control
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AutoScreenRotationBlocker" = Acer Auto Screen Rotation Blocker
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = SocialJogger
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Total Protection
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"USBKBTool" = USBKBTool 1.0.3.6
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-30a2f793-3901-4441-b045-92832000d54f" = Farm Frenzy
"WTA-43f82363-1481-4946-8211-1af77c076af4" = Ancient Hearts and Spades
"WTA-b7907c0d-44af-48e0-8ff9-1f66821b0ad9" = Bounce Symphony
"WTA-d49054c6-3419-4d9c-b7a0-933789f88e49" = Bookworm Adventures
"WTA-e67641d2-1077-4c9f-a7a6-bbe1518c5720" = Dora's Carnival Adventure

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3005540169-2879669657-3892385541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2D857E8472D5CE6389E3ABD8FDE97BC8130D96A3" = Atheros Outlook Addin 2010
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2012 10:09:23 AM | Computer Name = MattTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\NTI\acer
backup manager\OutlookMsgNet64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/21/2012 10:09:42 AM | Computer Name = MattTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/21/2012 10:10:28 AM | Computer Name = MattTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ASIX Electronics
Corporation\AX88772B Windows 7 Drivers\64-bit\DPInst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/21/2012 8:14:05 PM | Computer Name = MattTablet | Source = WinMgmt | ID = 10
Description =

Error - 11/21/2012 8:15:58 PM | Computer Name = MattTablet | Source = VSS | ID = 8194
Description =

Error - 11/22/2012 2:14:49 PM | Computer Name = MattTablet | Source = WinMgmt | ID = 10
Description =

Error - 11/22/2012 2:16:57 PM | Computer Name = MattTablet | Source = VSS | ID = 8194
Description =

Error - 11/23/2012 6:58:58 PM | Computer Name = MattTablet | Source = WinMgmt | ID = 10
Description =

Error - 11/23/2012 7:01:21 PM | Computer Name = MattTablet | Source = VSS | ID = 8194
Description =

Error - 11/24/2012 1:42:32 AM | Computer Name = MattTablet | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting
process id: 0x1cb0 Faulting application start time: 0x01cdc9fda2739393 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: bd453544-35f9-11e2-a298-f3520354654a

[ System Events ]
Error - 12/14/2012 11:23:00 PM | Computer Name = MattTablet | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 12/14/2012 11:59:03 PM | Computer Name = MattTablet | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 12/14/2012 11:59:26 PM | Computer Name = MattTablet | Source = DCOM | ID = 10010
Description =

Error - 12/15/2012 12:46:17 AM | Computer Name = MattTablet | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/15/2012 12:52:45 AM | Computer Name = MattTablet | Source = DCOM | ID = 10010
Description =

Error - 12/16/2012 1:02:43 PM | Computer Name = MattTablet | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/16/2012 2:13:32 PM | Computer Name = MattTablet | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/16/2012 2:13:43 PM | Computer Name = MattTablet | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 12/16/2012 7:42:10 PM | Computer Name = MattTablet | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/16/2012 7:42:21 PM | Computer Name = MattTablet | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 16th, 2012, 11:46 pm

I don't normally run with both McAfee firewall and Windows Defender on. Only turned Windows Defender on when I couldn't get McAfee to stay on. Have no problem only running 1. I won't change the status on either one at this point until you tell me to do so.
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by pgmigg » December 17th, 2012, 1:46 am

Hello mattsmart1,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 17th, 2012, 7:23 pm

Just finished running OTL (Step 1). Asked to reboot and I okay'ed. On restart got the following "winlogon.exe - Application Error" message. Message text is: "The instruction at 0x777bd6c9 referenced memory at 0x01d6fe88. The memory could not be used. Click on OK to terminate the program."

I clicked OK.

Also, before bootup finished got a "Security Warning" stating "The publisher could not be verified. Are you sure you want to run this software? Name: C:\Users\Matt\Downloads\OTL.exe Publisher: Unknown Publisher." Recognized the location and file so clicked Run.

Will paste text of notepad file in separate reply.
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 17th, 2012, 7:26 pm

Copy of OTL log file below.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 903253712 bytes
->Temporary Internet Files folder emptied: 45262692 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 581 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 466892052 bytes
RecycleBin emptied: 4096 bytes

Total Files Cleaned = 1,350.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm

Re: McAfee Firewall Turning Off Automatically

Post by mattsmart1 » December 17th, 2012, 10:04 pm

Content of ESET Log (only 2 lines of text) below.
Note I turned McAfee Real Time Scan back on after the ESET scan. Attempted to turn the Firewall back on but immediately shut back off after I pressed the On button. Also turned Windows Firewall back on.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
mattsmart1
Active Member
 
Posts: 12
Joined: December 14th, 2012, 11:41 pm