Windows blocked by white screen after startup


  • This topic is locked
10 replies to this topic

#1 cyclop

  • Members
  • 9 posts

Posted 22 March 2012 - 02:55 PM

After startup, my monitor just turns white with this sentence on it: "please wait while the connection is being established".
I ran Malwarebytes Anti-Malware (MBAM) in Safe Mode with Command Prompt and the screen turned back to normal again. But I think the malware is still on my laptop since I cannot turn on my firewall.

I hope anyone can help me with this.

I already ran DDS and GMER for anyone to take a look at my problem.

Thanks in advance.




#2 nasdaq

  • Malware Response Team
  • 39,963 posts

Posted 27 March 2012 - 01:03 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If you did not set this proxy or it is not required (check with your Internet provider), remove it.
uInternet Settings,ProxyServer = http=127.0.0.1:59838

In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:59838 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===


Please download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
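
Added example, not part of the reply above and not a BleepingComputer or DDS tool: a small Python triage that scans DDS-style log lines for proxy settings pointing at a loopback address, the condition the reply asks to be removed. The sample lines are constructed (only the `ProxyServer` line is quoted in this thread), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in DDS log style. The first line is the one quoted in the
# reply above; the Firefox lines are constructed in the same style for the demo.
SAMPLE_DDS = """\
uInternet Settings,ProxyServer = http=127.0.0.1:59838
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59838
FF - prefs.js: network.proxy.type - 4
"""

IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(
    r"^FF - (?:prefs|user)\.js:\s*(network\.proxy\.\S+)\s+-\s+(.*)$"
)


def is_loopback(host):
    """True for 'localhost' or any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a hostname that cannot be classified offline


def parse_ie_proxy(value):
    """Split an Internet Settings ProxyServer value into {scheme: (host, port)}.

    Accepts 'host:port' (one proxy for every scheme, stored under 'all') and
    the per-scheme form 'http=host:port;https=host:port'.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://")[-1]  # tolerate 'http://host:port'
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():
            result[scheme.lower()] = (host, int(port))
    return result


def triage(log_text):
    """Return (browser, scheme, host, port, active) for each loopback proxy.

    'active' is None for Internet Explorer, because the ProxyServer line does
    not say whether "Use a proxy server" is ticked. For Firefox it is True
    only when network.proxy.type is 1 (manual); with 4 (auto-detect) the
    stored host and port are present but not in use.
    """
    findings = []
    ff = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for scheme, (host, port) in parse_ie_proxy(m.group(1)).items():
                if is_loopback(host):
                    findings.append(("IE", scheme, host, port, None))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()

    manual = ff.get("network.proxy.type") == "1"
    for scheme in ("http", "ssl", "socks"):
        host = ff.get(f"network.proxy.{scheme}")
        port = ff.get(f"network.proxy.{scheme}_port", "")
        if host and is_loopback(host):
            findings.append(
                ("Firefox", scheme, host,
                 int(port) if port.isdigit() else None, manual)
            )
    return findings


if __name__ == "__main__":
    for browser, scheme, host, port, active in triage(SAMPLE_DDS):
        state = {None: "state unknown", True: "in use", False: "stored, not in use"}[active]
        print(f"{browser}: {scheme} proxy -> {host}:{port} ({state})")
```

A loopback proxy is not malicious by itself (some security products install one), which is why the reply says to remove it only if you did not set it or it is not required.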

#3 cyclop

  • Topic Starter

  • Members
  • 9 posts

Posted 27 March 2012 - 07:46 PM

Hello nasdaq.

Log from TDSSKiller:

00:40:44.0432 5056 AppID - ok
00:40:44.0463 5056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:40:44.0468 5056 AppIDSvc - ok
00:40:44.0507 5056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:40:44.0536 5056 Appinfo - ok
00:40:44.0555 5056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:40:44.0560 5056 arc - ok
00:40:44.0575 5056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:40:44.0581 5056 arcsas - ok
00:40:44.0627 5056 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:40:44.0665 5056 aspnet_state - ok
00:40:44.0695 5056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:40:44.0700 5056 AsyncMac - ok
00:40:44.0733 5056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:40:44.0737 5056 atapi - ok
00:40:44.0774 5056 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
00:40:44.0812 5056 AtiHdmiService - ok
00:40:44.0842 5056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:40:44.0875 5056 AudioEndpointBuilder - ok
00:40:44.0891 5056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:40:44.0895 5056 AudioSrv - ok
00:40:44.0920 5056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:40:44.0949 5056 AxInstSV - ok
00:40:44.0972 5056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:40:44.0983 5056 b06bdrv - ok
00:40:45.0010 5056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:40:45.0018 5056 b57nd60a - ok
00:40:45.0042 5056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:40:45.0047 5056 BDESVC - ok
00:40:45.0062 5056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:40:45.0067 5056 Beep - ok
00:40:45.0096 5056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
00:40:45.0161 5056 BITS - ok
00:40:45.0183 5056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:40:45.0189 5056 blbdrive - ok
00:40:45.0218 5056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:40:45.0255 5056 bowser - ok
00:40:45.0277 5056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:40:45.0283 5056 BrFiltLo - ok
00:40:45.0299 5056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:40:45.0304 5056 BrFiltUp - ok
00:40:45.0337 5056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:40:45.0369 5056 Browser - ok
00:40:45.0397 5056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:40:45.0406 5056 Brserid - ok
00:40:45.0427 5056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:40:45.0433 5056 BrSerWdm - ok
00:40:45.0451 5056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:40:45.0455 5056 BrUsbMdm - ok
00:40:45.0470 5056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:40:45.0473 5056 BrUsbSer - ok
00:40:45.0496 5056 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:40:45.0501 5056 BthEnum - ok
00:40:45.0518 5056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:40:45.0523 5056 BTHMODEM - ok
00:40:45.0551 5056 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:40:45.0553 5056 BthPan - ok
00:40:45.0575 5056 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:40:45.0612 5056 BTHPORT - ok
00:40:45.0649 5056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:40:45.0652 5056 bthserv - ok
00:40:45.0667 5056 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:40:45.0703 5056 BTHUSB - ok
00:40:45.0717 5056 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
00:40:45.0755 5056 btusbflt - ok
00:40:45.0769 5056 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
00:40:45.0808 5056 btwaudio - ok
00:40:45.0819 5056 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
00:40:45.0858 5056 btwavdt - ok
00:40:45.0923 5056 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
00:40:45.0970 5056 btwdins - ok
00:40:45.0990 5056 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
00:40:46.0028 5056 btwl2cap - ok
00:40:46.0041 5056 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
00:40:46.0079 5056 btwrchid - ok
00:40:46.0082 5056 catchme - ok
00:40:46.0104 5056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:40:46.0109 5056 cdfs - ok
00:40:46.0140 5056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:40:46.0178 5056 cdrom - ok
00:40:46.0205 5056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:40:46.0235 5056 CertPropSvc - ok
00:40:46.0261 5056 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
00:40:46.0302 5056 cfwids - ok
00:40:46.0333 5056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:40:46.0337 5056 circlass - ok
00:40:46.0363 5056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:40:46.0375 5056 CLFS - ok
00:40:46.0417 5056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:40:46.0424 5056 clr_optimization_v2.0.50727_32 - ok
00:40:46.0447 5056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:40:46.0453 5056 clr_optimization_v2.0.50727_64 - ok
00:40:46.0486 5056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:40:46.0548 5056 clr_optimization_v4.0.30319_32 - ok
00:40:46.0567 5056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:40:46.0619 5056 clr_optimization_v4.0.30319_64 - ok
00:40:46.0634 5056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:40:46.0639 5056 CmBatt - ok
00:40:46.0670 5056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:40:46.0674 5056 cmdide - ok
00:40:46.0709 5056 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:40:46.0745 5056 CNG - ok
00:40:46.0756 5056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:40:46.0761 5056 Compbatt - ok
00:40:46.0777 5056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:40:46.0815 5056 CompositeBus - ok
00:40:46.0824 5056 COMSysApp - ok
00:40:46.0844 5056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:40:46.0848 5056 crcdisk - ok
00:40:46.0883 5056 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:40:46.0913 5056 CryptSvc - ok
00:40:46.0940 5056 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:40:46.0978 5056 CtClsFlt - ok
00:40:47.0018 5056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:40:47.0028 5056 DcomLaunch - ok
00:40:47.0058 5056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:40:47.0070 5056 defragsvc - ok
00:40:47.0094 5056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:40:47.0130 5056 DfsC - ok
00:40:47.0167 5056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:40:47.0202 5056 Dhcp - ok
00:40:47.0220 5056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:40:47.0225 5056 discache - ok
00:40:47.0244 5056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:40:47.0249 5056 Disk - ok
00:40:47.0280 5056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:40:47.0313 5056 Dnscache - ok
00:40:47.0384 5056 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
00:40:47.0423 5056 DockLoginService - ok
00:40:47.0459 5056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:40:47.0494 5056 dot3svc - ok
00:40:47.0522 5056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:40:47.0556 5056 DPS - ok
00:40:47.0587 5056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:40:47.0592 5056 drmkaud - ok
00:40:47.0623 5056 dtsoftbus01 (9f98d7afa293947a0dfc6ffd4671fe70) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:40:47.0625 5056 dtsoftbus01 - ok
00:40:47.0668 5056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:40:47.0745 5056 DXGKrnl - ok
00:40:47.0783 5056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:40:47.0791 5056 EapHost - ok
00:40:47.0865 5056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:40:47.0949 5056 ebdrv - ok
00:40:47.0984 5056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:40:48.0025 5056 EFS - ok
00:40:48.0085 5056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:40:48.0143 5056 ehRecvr - ok
00:40:48.0172 5056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:40:48.0177 5056 ehSched - ok
00:40:48.0205 5056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:40:48.0216 5056 elxstor - ok
00:40:48.0247 5056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:40:48.0252 5056 ErrDev - ok
00:40:48.0280 5056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:40:48.0287 5056 EventSystem - ok
00:40:48.0361 5056 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:40:48.0400 5056 EvtEng - ok
00:40:48.0409 5056 ewusbnet - ok
00:40:48.0420 5056 ew_hwusbdev - ok
00:40:48.0441 5056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:40:48.0448 5056 exfat - ok
00:40:48.0477 5056 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
00:40:48.0520 5056 FACAP - ok
00:40:48.0582 5056 FAService (69ce05be48cd9fb80b108be872be3a74) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
00:40:48.0741 5056 FAService - ok
00:40:48.0765 5056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:40:48.0770 5056 fastfat - ok
00:40:48.0810 5056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:40:48.0851 5056 Fax - ok
00:40:48.0872 5056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:40:48.0876 5056 fdc - ok
00:40:48.0899 5056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:40:48.0906 5056 fdPHost - ok
00:40:48.0922 5056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:40:48.0928 5056 FDResPub - ok
00:40:48.0939 5056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:40:48.0942 5056 FileInfo - ok
00:40:48.0960 5056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:40:48.0968 5056 Filetrace - ok
00:40:48.0986 5056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:40:48.0991 5056 flpydisk - ok
00:40:49.0009 5056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:40:49.0040 5056 FltMgr - ok
00:40:49.0084 5056 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:40:49.0121 5056 FontCache - ok
00:40:49.0174 5056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:40:49.0216 5056 FontCache3.0.0.0 - ok
00:40:49.0228 5056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:40:49.0232 5056 FsDepends - ok
00:40:49.0246 5056 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:40:49.0249 5056 Fs_Rec - ok
00:40:49.0270 5056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:40:49.0309 5056 fvevol - ok
00:40:49.0327 5056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:40:49.0332 5056 gagp30kx - ok
00:40:49.0416 5056 GGSAFERDriver - ok
00:40:49.0483 5056 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
00:40:49.0528 5056 GoToAssist - ok
00:40:49.0570 5056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:40:49.0627 5056 gpsvc - ok
00:40:49.0655 5056 Gun (4f7e0a173348a60e003d3c5f51c5808e) C:\Windows\system32\Gun64.sys
00:40:49.0696 5056 Gun - ok
00:40:49.0746 5056 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:40:49.0747 5056 gupdate - ok
00:40:49.0753 5056 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:40:49.0754 5056 gupdatem - ok
00:40:49.0778 5056 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:40:49.0779 5056 gusvc - ok
00:40:49.0812 5056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:40:49.0817 5056 hcw85cir - ok
00:40:49.0845 5056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:40:49.0846 5056 HDAudBus - ok
00:40:49.0864 5056 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
00:40:49.0902 5056 HECIx64 - ok
00:40:49.0920 5056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:40:49.0925 5056 HidBatt - ok
00:40:49.0941 5056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:40:49.0946 5056 HidBth - ok
00:40:49.0963 5056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:40:49.0967 5056 HidIr - ok
00:40:49.0998 5056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:40:50.0004 5056 hidserv - ok
00:40:50.0026 5056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:40:50.0064 5056 HidUsb - ok
00:40:50.0087 5056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:40:50.0120 5056 hkmsvc - ok
00:40:50.0149 5056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:40:50.0185 5056 HomeGroupListener - ok
00:40:50.0209 5056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:40:50.0242 5056 HomeGroupProvider - ok
00:40:50.0266 5056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:40:50.0307 5056 HpSAMD - ok
00:40:50.0347 5056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:40:50.0405 5056 HTTP - ok
00:40:50.0415 5056 huawei_enumerator - ok
00:40:50.0427 5056 hwdatacard - ok
00:40:50.0454 5056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:40:50.0483 5056 hwpolicy - ok
00:40:50.0513 5056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:40:50.0520 5056 i8042prt - ok
00:40:50.0551 5056 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
00:40:50.0555 5056 iaStor - ok
00:40:50.0584 5056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:40:50.0630 5056 iaStorV - ok
00:40:50.0691 5056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:40:50.0751 5056 idsvc - ok
00:40:50.0776 5056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:40:50.0782 5056 iirsp - ok
00:40:50.0814 5056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:40:50.0867 5056 IKEEXT - ok
00:40:50.0891 5056 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
00:40:50.0930 5056 Impcd - ok
00:40:50.0990 5056 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
00:40:51.0106 5056 IntcAzAudAddService - ok
00:40:51.0127 5056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:40:51.0131 5056 intelide - ok
00:40:51.0141 5056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:40:51.0143 5056 intelppm - ok
00:40:51.0162 5056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:40:51.0171 5056 IPBusEnum - ok
00:40:51.0203 5056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:40:51.0239 5056 IpFilterDriver - ok
00:40:51.0263 5056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:40:51.0301 5056 IPMIDRV - ok
00:40:51.0325 5056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:40:51.0333 5056 IPNAT - ok
00:40:51.0355 5056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:40:51.0359 5056 IRENUM - ok
00:40:51.0382 5056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:40:51.0386 5056 isapnp - ok
00:40:51.0415 5056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:40:51.0458 5056 iScsiPrt - ok
00:40:51.0487 5056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:40:51.0493 5056 kbdclass - ok
00:40:51.0515 5056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:40:51.0552 5056 kbdhid - ok
00:40:51.0573 5056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:40:51.0578 5056 KeyIso - ok
00:40:51.0594 5056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:40:51.0625 5056 KSecDD - ok
00:40:51.0649 5056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:40:51.0689 5056 KSecPkg - ok
00:40:51.0708 5056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:40:51.0712 5056 ksthunk - ok
00:40:51.0744 5056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:40:51.0772 5056 KtmRm - ok
00:40:51.0791 5056 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:40:51.0829 5056 L1C - ok
00:40:51.0856 5056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:40:51.0899 5056 LanmanServer - ok
00:40:51.0930 5056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:40:51.0974 5056 LanmanWorkstation - ok
00:40:51.0987 5056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:40:51.0992 5056 lltdio - ok
00:40:52.0019 5056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:40:52.0037 5056 lltdsvc - ok
00:40:52.0063 5056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:40:52.0073 5056 lmhosts - ok
00:40:52.0118 5056 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:40:52.0184 5056 LMS - ok
00:40:52.0210 5056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:40:52.0216 5056 LSI_FC - ok
00:40:52.0233 5056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:40:52.0238 5056 LSI_SAS - ok
00:40:52.0263 5056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:40:52.0267 5056 LSI_SAS2 - ok
00:40:52.0286 5056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:40:52.0292 5056 LSI_SCSI - ok
00:40:52.0319 5056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:40:52.0323 5056 luafv - ok
00:40:52.0352 5056 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
00:40:52.0392 5056 ManyCam - ok
00:40:52.0417 5056 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:40:52.0454 5056 MBAMProtector - ok
00:40:52.0488 5056 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:40:52.0539 5056 MBAMService - ok
00:40:52.0592 5056 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:40:52.0634 5056 McAfee SiteAdvisor Service - ok
00:40:52.0671 5056 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
00:40:52.0672 5056 McAWFwk - ok
00:40:52.0711 5056 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
00:40:52.0713 5056 McComponentHostService - ok
00:40:52.0741 5056 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:40:52.0743 5056 McMPFSvc - ok
00:40:52.0754 5056 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:40:52.0756 5056 mcmscsvc - ok
00:40:52.0763 5056 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:40:52.0764 5056 McNaiAnn - ok
00:40:52.0770 5056 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:40:52.0771 5056 McNASvc - ok
00:40:52.0788 5056 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\mcafee\VirusScan\mcods.exe
00:40:52.0828 5056 McODS - ok
00:40:52.0838 5056 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:40:52.0840 5056 McOobeSv - ok
00:40:52.0845 5056 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:40:52.0847 5056 McProxy - ok
00:40:52.0871 5056 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
00:40:52.0873 5056 McShield - ok
00:40:52.0920 5056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:40:52.0956 5056 Mcx2Svc - ok
00:40:52.0985 5056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:40:52.0991 5056 megasas - ok
00:40:53.0012 5056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:40:53.0022 5056 MegaSR - ok
00:40:53.0053 5056 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
00:40:53.0090 5056 mfeapfk - ok
00:40:53.0123 5056 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
00:40:53.0166 5056 mfeavfk - ok
00:40:53.0195 5056 mfeavfk01 - ok
00:40:53.0242 5056 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
00:40:53.0243 5056 mfefire - ok
00:40:53.0279 5056 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
00:40:53.0326 5056 mfefirek - ok
00:40:53.0357 5056 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
00:40:53.0405 5056 mfehidk - ok
00:40:53.0437 5056 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
00:40:53.0475 5056 mfenlfk - ok
00:40:53.0496 5056 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
00:40:53.0536 5056 mferkdet - ok
00:40:53.0558 5056 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe
00:40:53.0599 5056 mfevtp - ok
00:40:53.0613 5056 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
00:40:53.0657 5056 mfewfpk - ok
00:40:53.0674 5056 Microsoft SharePoint Workspace Audit Service - ok
00:40:53.0700 5056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:40:53.0706 5056 MMCSS - ok
00:40:53.0731 5056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:40:53.0735 5056 Modem - ok
00:40:53.0756 5056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:40:53.0757 5056 monitor - ok
00:40:53.0785 5056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:40:53.0791 5056 mouclass - ok
00:40:53.0810 5056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:40:53.0815 5056 mouhid - ok
00:40:53.0846 5056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:40:53.0886 5056 mountmgr - ok
00:40:53.0914 5056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:40:53.0957 5056 mpio - ok
00:40:53.0976 5056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:40:53.0982 5056 mpsdrv - ok
00:40:54.0016 5056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:40:54.0060 5056 MRxDAV - ok
00:40:54.0086 5056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:40:54.0123 5056 mrxsmb - ok
00:40:54.0151 5056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:40:54.0193 5056 mrxsmb10 - ok
00:40:54.0205 5056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:40:54.0241 5056 mrxsmb20 - ok
00:40:54.0264 5056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:40:54.0305 5056 msahci - ok
00:40:54.0325 5056 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:40:54.0369 5056 msdsm - ok
00:40:54.0399 5056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:40:54.0408 5056 MSDTC - ok
00:40:54.0423 5056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:40:54.0428 5056 Msfs - ok
00:40:54.0443 5056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:40:54.0448 5056 mshidkmdf - ok
00:40:54.0460 5056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:40:54.0463 5056 msisadrv - ok
00:40:54.0494 5056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:40:54.0503 5056 MSiSCSI - ok
00:40:54.0511 5056 msiserver - ok
00:40:54.0572 5056 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:40:54.0574 5056 MSK80Service - ok
00:40:54.0597 5056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:40:54.0603 5056 MSKSSRV - ok
00:40:54.0623 5056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:40:54.0630 5056 MSPCLOCK - ok
00:40:54.0652 5056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:40:54.0656 5056 MSPQM - ok
00:40:54.0685 5056 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:40:54.0718 5056 MsRPC - ok
00:40:54.0752 5056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:41:07.0257 5056 WinFLdrv (0ae97898030bc89d64be429a88c33a7f) C:\Windows\syswow64\WinFLdrv.sys
00:41:07.0265 5056 Suspicious file (Hidden): C:\Windows\syswow64\WinFLdrv.sys. md5: 0ae97898030bc89d64be429a88c33a7f
00:41:07.0268 5056 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
00:41:07.0268 5056 WinFLdrv - detected HiddenFile.Multi.Generic (1)
00:41:08.0482 5056 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:41:08.0552 5056 \Device\Harddisk0\DR0 - ok
00:41:08.0560 5056 Boot (0x1200) (7019b8cc0dc29e0feb9b03c67b44ee2d) \Device\Harddisk0\DR0\Partition0
00:41:08.0563 5056 \Device\Harddisk0\DR0\Partition0 - ok
00:41:08.0574 5056 Boot (0x1200) (66ae7e20fe5346732cef75bfa1127fc7) \Device\Harddisk0\DR0\Partition1
00:41:08.0576 5056 \Device\Harddisk0\DR0\Partition1 - ok
00:41:08.0599 5056 Boot (0x1200) (c8fb0b30a8eacbce93f45fd566d4406a) \Device\Harddisk0\DR0\Partition2
00:41:08.0601 5056 \Device\Harddisk0\DR0\Partition2 - ok
00:41:08.0602 5056 ============================================================
00:41:08.0602 5056 Scan finished
00:41:08.0602 5056 ============================================================
00:41:08.0611 2728 Detected object count: 1
00:41:08.0611 2728 Actual detected object count: 1
00:41:39.0129 2728 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
00:41:39.0129 2728 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip




log from MBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 00:46:02
-----------------------------
00:46:02.758 OS Version: Windows x64 6.1.7601 Service Pack 1
00:46:02.758 Number of processors: 4 586 0x2505
00:46:02.759 ComputerName: CYCLOP-PC UserName: owne
00:46:05.267 Initialize success
00:48:14.974 AVAST engine defs: 12032702
00:48:27.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:48:27.665 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
00:48:27.678 Disk 0 MBR read successfully
00:48:27.680 Disk 0 MBR scan
00:48:27.685 Disk 0 Windows VISTA default MBR code
00:48:27.688 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
00:48:27.697 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
00:48:27.711 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 236185 MB offset 30928845
00:48:27.716 Disk 0 Partition - 00 0F Extended LBA 225651 MB offset 514637824
00:48:27.744 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 225650 MB offset 514639872
00:48:27.780 Disk 0 scanning C:\Windows\system32\drivers
00:48:38.793 Service scanning
00:48:57.834 Modules scanning
00:48:57.844 Disk 0 trace - called modules:
00:48:57.873 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:48:57.878 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c66790]
00:48:57.883 3 CLASSPNP.SYS[fffff88001bbe43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
00:49:01.250 AVAST engine scan C:\Windows
00:49:06.642 AVAST engine scan C:\Windows\system32
00:53:51.282 AVAST engine scan C:\Windows\system32\drivers
00:54:03.224 AVAST engine scan C:\Users\owne
00:57:00.803 File: C:\Users\owne\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
00:57:00.978 File: C:\Users\owne\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
01:03:29.437 AVAST engine scan C:\ProgramData
01:07:27.993 Scan finished successfully
01:30:18.694 Disk 0 MBR has been saved successfully to "C:\Users\owne\Desktop\MBR.dat"
01:30:18.703 The log file has been saved successfully to "C:\Users\owne\Desktop\aswMBR.txt"



As for the MBR.rar file, I cannot attach it because it is too big (560K) while my upload quota for this forum is only 496.61K left.

Thanks for your help!!

cyclop

#4 cyclop

Posted 28 March 2012 - 03:20 AM

Since I cannot attach my MBR.rar in my previous post, I uploaded it to my Dropbox folder.

This is the download link:

http://dl.dropbox.com/u/31458321/MBR.rar

Sorry for the complication, and thanks for being willing to help me.

cyclop

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:05 PM

Posted 28 March 2012 - 09:34 AM

Good work.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 cyclop

Posted 28 March 2012 - 03:55 PM

I cannot copy-paste the log from ComboFix here since it is too long.

Can I just attach it with this post?

log.txt is the log report from combofix

checkup.txt is the report from security check


cyclop

Attached Files



#7 nasdaq

Posted 29 March 2012 - 07:31 AM

Your ComboFix log is looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23


Please let me know of any remaining issues with this computer.

#8 cyclop

Posted 29 March 2012 - 10:37 AM

So the malware was gone? Thank you so much for your time.

Btw, what is the 3rd party program?

cyclop

#9 nasdaq

Posted 29 March 2012 - 01:27 PM

Btw, what is the 3rd party program?

All the programs checked by the Security tool.

You can include Google Chrome and/or any other programs you installed.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 cyclop

Posted 29 March 2012 - 03:02 PM

OK. Thanks so much for your help.

Cheers.



cyclop

#11 nasdaq

Posted 04 April 2012 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



