
Smitfraud-c.generic


  • This topic is locked
15 replies to this topic

#1 pollo8507

pollo8507

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 12 May 2012 - 09:36 AM

Hello,

I have a 6 month old laptop (Windows 7) that randomly started shutting down. It would usually do this out of sleep mode, the BSOD would come up and then it takes forever to get through system repairs. Anyway, I recently downloaded and ran Spybot and found Smitfraud-c.generic. It would not remove the infection at first, but I figured out I was not running it as an admin. After running again as admin, the infection was removed. However, after rebooting, Spybot finds the infection again. I found a forum on this site that suggested downloading and running Malwarebytes Anti-Malware. I did that and it was able to find infections. After rebooting and running Spybot again, the Smitfraud still shows up. Here is the log from Malwarebytes below. How in the heck do I get rid of this thing? Any help would be greatly appreciated!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

5/11/2012 9:34:28 PM
mbam-log-2012-05-11 (21-34-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375886
Time elapsed: 53 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 5888 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|SpybotDeletingA216 (Trojan.Agent) -> Data: command.com /c del "C:\WINDOWS\svchost.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|SpybotDeletingC3319 (Trojan.Agent) -> Data: cmd.exe /c del "C:\WINDOWS\svchost.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|SpybotDeletingB6253 (Trojan.Agent) -> Data: command.com /c del "C:\WINDOWS\svchost.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|SpybotDeletingD9214 (Trojan.Agent) -> Data: cmd.exe /c del "C:\WINDOWS\svchost.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svchost.exe_old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:27 AM

Posted 12 May 2012 - 12:23 PM

Hi pollo8507,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 pollo8507

pollo8507
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 12 May 2012 - 12:33 PM

Hi Jason,

Thanks so much. Other than the machine shutting down whenever it feels like it, I have not noticed any other issues. I don't have the Windows install disk handy and it is a 64-bit system.

Here is the log from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by David at 13:27:23 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.3825 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120508200236.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB2145] command.com /c del "C:\WINDOWS\svchost.exe_old"
uRunOnce: [SpybotDeletingD7322] cmd.exe /c del "C:\WINDOWS\svchost.exe_old"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRunOnce: [SpybotDeletingA6066] command.com /c del "C:\WINDOWS\svchost.exe_old"
mRunOnce: [SpybotDeletingC9572] cmd.exe /c del "C:\WINDOWS\svchost.exe_old"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{539DE454-CC5B-48D6-BC2A-7DE9534DA2E4} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120508200236.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRunOnce-x64: [SpybotDeletingA6066] command.com /c del "C:\WINDOWS\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC9572] cmd.exe /c del "C:\WINDOWS\svchost.exe_old"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\nt3h13kq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\system32\drivers\btmaud.sys --> C:\windows\system32\drivers\btmaud.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
.
=============== Created Last 30 ================
.
2012-05-12 14:29:00 20480 ----a-w- C:\windows\svchost.exe
2012-05-12 02:51:00 691 ----a-w- C:\Users\David\AppData\Roaming\GetValue.vbs
2012-05-12 02:51:00 35 ----a-w- C:\Users\David\AppData\Roaming\SetValue.bat
2012-05-12 01:33:51 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2012-05-12 01:33:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-12 01:33:39 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-05-12 01:33:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-11 22:45:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-11 22:45:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-05-12 02:51:00 4462 ----a-w- C:\windows\SysWow64\tmp.reg
2012-05-06 02:35:13 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 02:35:13 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 02:35:07 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 17:11:30 162192 ----a-w- C:\windows\System32\mfevtps.exe
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-22 17:29:46 75936 ----a-w- C:\windows\System32\drivers\mfenlfk.sys
2012-02-22 17:29:46 65264 ----a-w- C:\windows\System32\drivers\cfwids.sys
2012-02-22 17:29:46 647208 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2012-02-22 17:29:46 487296 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2012-02-22 17:29:46 289664 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2012-02-22 17:29:46 229528 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2012-02-22 17:29:46 160792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2012-02-22 17:29:46 10248 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2012-02-22 17:29:46 100912 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
.
============= FINISH: 13:30:07.45 ===============
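
The DDS log above lists `C:\windows\svchost.exe` under "Created Last 30", the same path Malwarebytes flagged in the first post, while every running `svchost.exe` is loaded from `system32`. The following is an added example, not part of the thread or of DDS: it parses DDS sections and flags core Windows binary names found outside their expected folders, generalizing slightly beyond `svchost.exe`. The function names, the `EXPECTED_DIRS` table and the assumption that Windows lives in `C:\windows` are illustrative.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\windows, as the logs in this thread report.
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
SYSWOW64 = WINDIR + r"\syswow64"

# Core Windows binaries and the only folders they legitimately live in.
# Short illustrative table, not an exhaustive baseline.
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM32, SYSWOW64},
    "lsass.exe": {SYSTEM32},
    "services.exe": {SYSTEM32},
    "csrss.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
    "explorer.exe": {WINDIR, SYSWOW64},
}

# DDS section banner, e.g. "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# First drive-letter path on a line ending in .exe/.dll/.sys. The lookahead keeps
# "svchost.exe_old" from being read as "svchost.exe".
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll|sys)(?![\w.])", re.IGNORECASE
)


def split_sections(log_text):
    """Return {section name: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current and line and line != ".":  # DDS uses "." as a spacer line
            sections[current].append(line)
    return sections


def find_masquerades(log_text, sections=("Running Processes", "Created Last 30")):
    """Return (section, path) for system binary names found in the wrong folder."""
    findings = []
    parsed = split_sections(log_text)
    for name in sections:
        for line in parsed.get(name, []):
            match = PATH_RE.search(line)
            if not match:
                continue
            path = ntpath.normcase(match.group(0))  # lower-case, backslashes
            allowed = EXPECTED_DIRS.get(ntpath.basename(path))
            if allowed is not None and ntpath.dirname(path) not in allowed:
                findings.append((name, match.group(0)))
    return findings


# Excerpt copied from the DDS log in this thread (trimmed to a few lines).
DDS_EXCERPT = r"""
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\SysWOW64\cmd.exe
.
=============== Created Last 30 ================
.
2012-05-12 14:29:00 20480 ----a-w- C:\windows\svchost.exe
2012-05-12 02:51:00 691 ----a-w- C:\Users\David\AppData\Roaming\GetValue.vbs
2012-05-12 01:33:39 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
"""

if __name__ == "__main__":
    for section, path in find_masquerades(DDS_EXCERPT):
        print(f"[{section}] system binary name outside expected folder: {path}")
```

A hit from this check is a triage lead only; the file still needs to be confirmed by a scanner or by signature and hash verification before removal.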

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:27 AM

Posted 12 May 2012 - 02:51 PM

pollo8507,

Step 1: Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2: Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

In your next reply, please include:
  • TDSSkiller log
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#5 pollo8507

pollo8507
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 12 May 2012 - 05:38 PM

Thanks! I ran the tdsskiller and one of the finds was defaulted to Cure. I changed it to Skip per the instructions, but let me know if I need to redo that step. Here is the log created: (the log for ComboFix starts about 3/4 of the way down the post). I did not get any error messages through the process and there haven't really been any changes to the performance of the computer as far as I can tell, let me know if you need anything else! Thanks!

18:03:25.0154 9404 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:03:26.0127 9404 ============================================================
18:03:26.0127 9404 Current date / time: 2012/05/12 18:03:26.0127
18:03:26.0127 9404 SystemInfo:
18:03:26.0127 9404
18:03:26.0128 9404 OS Version: 6.1.7601 ServicePack: 1.0
18:03:26.0128 9404 Product type: Workstation
18:03:26.0128 9404 ComputerName: DAVID-PC
18:03:26.0128 9404 UserName: David
18:03:26.0128 9404 Windows directory: C:\windows
18:03:26.0128 9404 System windows directory: C:\windows
18:03:26.0128 9404 Running under WOW64
18:03:26.0128 9404 Processor architecture: Intel x64
18:03:26.0128 9404 Number of processors: 4
18:03:26.0128 9404 Page size: 0x1000
18:03:26.0128 9404 Boot type: Normal boot
18:03:26.0128 9404 ============================================================
18:03:26.0619 9404 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:03:26.0623 9404 ============================================================
18:03:26.0623 9404 \Device\Harddisk0\DR0:
18:03:26.0623 9404 MBR partitions:
18:03:26.0623 9404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
18:03:26.0623 9404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
18:03:26.0623 9404 ============================================================
18:03:26.0660 9404 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:26.0660 9404 ============================================================
18:03:26.0660 9404 Initialize success
18:03:26.0660 9404 ============================================================
18:03:46.0477 9664 ============================================================
18:03:46.0477 9664 Scan started
18:03:46.0477 9664 Mode: Manual; SigCheck; TDLFS;
18:03:46.0477 9664 ============================================================
18:03:53.0860 9664 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:03:53.0931 9664 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
18:03:53.0931 9664 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
18:03:54.0037 9664 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:03:54.0084 9664 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
18:03:54.0084 9664 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
18:03:54.0200 9664 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:03:54.0252 9664 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
18:03:54.0252 9664 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
18:03:54.0486 9664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:03:54.0530 9664 bowser - ok
18:03:54.0562 9664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
18:03:54.0610 9664 BrFiltLo - ok
18:03:54.0626 9664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
18:03:54.0639 9664 BrFiltUp - ok
18:03:54.0667 9664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
18:03:54.0708 9664 Browser - ok
18:03:54.0742 9664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:03:54.0790 9664 Brserid - ok
18:03:54.0839 9664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:03:54.0876 9664 BrSerWdm - ok
18:03:54.0919 9664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:03:54.0943 9664 BrUsbMdm - ok
18:03:54.0995 9664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:03:55.0022 9664 BrUsbSer - ok
18:03:55.0062 9664 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
18:03:55.0096 9664 BthEnum - ok
18:03:55.0133 9664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
18:03:55.0159 9664 BTHMODEM - ok
18:03:55.0252 9664 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
18:03:55.0279 9664 BthPan - ok
18:03:55.0334 9664 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
18:03:55.0366 9664 BTHPORT - ok
18:03:55.0415 9664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
18:03:55.0453 9664 bthserv - ok
18:03:55.0560 9664 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:03:55.0569 9664 BTHSSecurityMgr - ok
18:03:55.0612 9664 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
18:03:55.0641 9664 BTHUSB - ok
18:03:55.0690 9664 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys
18:03:55.0730 9664 btmaudio - ok
18:03:55.0772 9664 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys
18:03:55.0808 9664 btmaux - ok
18:03:55.0849 9664 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\windows\system32\DRIVERS\btmhsf.sys
18:03:55.0888 9664 btmhsf - ok
18:03:55.0924 9664 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:03:55.0995 9664 cdfs - ok
18:03:56.0059 9664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:03:56.0176 9664 cdrom - ok
18:03:56.0216 9664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:03:56.0357 9664 CertPropSvc - ok
18:03:56.0447 9664 cfwids (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
18:03:56.0457 9664 cfwids - ok
18:03:56.0483 9664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
18:03:56.0512 9664 circlass - ok
18:03:56.0550 9664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:03:56.0565 9664 CLFS - ok
18:03:56.0712 9664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:56.0738 9664 clr_optimization_v2.0.50727_32 - ok
18:03:56.0901 9664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:03:56.0913 9664 clr_optimization_v2.0.50727_64 - ok
18:03:56.0995 9664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:03:57.0005 9664 clr_optimization_v4.0.30319_32 - ok
18:03:57.0128 9664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:03:57.0138 9664 clr_optimization_v4.0.30319_64 - ok
18:03:57.0205 9664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:03:57.0243 9664 CmBatt - ok
18:03:57.0282 9664 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:03:57.0309 9664 cmdide - ok
18:03:57.0348 9664 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
18:03:57.0406 9664 CNG - ok
18:03:57.0448 9664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
18:03:57.0459 9664 Compbatt - ok
18:03:57.0558 9664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
18:03:57.0585 9664 CompositeBus - ok
18:03:57.0605 9664 COMSysApp - ok
18:03:57.0644 9664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
18:03:57.0654 9664 crcdisk - ok
18:03:57.0693 9664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
18:03:57.0743 9664 CryptSvc - ok
18:03:57.0818 9664 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
18:03:57.0880 9664 CtClsFlt - ok
18:03:57.0974 9664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:03:58.0044 9664 DcomLaunch - ok
18:03:58.0095 9664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
18:03:58.0184 9664 defragsvc - ok
18:03:58.0321 9664 DellDigitalDelivery (bc8362b60304a9ed9416c305f6df5247) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
18:03:58.0334 9664 DellDigitalDelivery - ok
18:03:58.0407 9664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:03:58.0449 9664 DfsC - ok
18:03:58.0514 9664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
18:03:58.0603 9664 Dhcp - ok
18:03:58.0632 9664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:03:58.0676 9664 discache - ok
18:03:58.0720 9664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
18:03:58.0730 9664 Disk - ok
18:03:58.0778 9664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
18:03:58.0876 9664 Dnscache - ok
18:03:58.0930 9664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
18:03:59.0018 9664 dot3svc - ok
18:03:59.0052 9664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
18:03:59.0136 9664 DPS - ok
18:03:59.0175 9664 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:03:59.0209 9664 drmkaud - ok
18:03:59.0284 9664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:03:59.0313 9664 DXGKrnl - ok
18:03:59.0364 9664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
18:03:59.0429 9664 EapHost - ok
18:03:59.0567 9664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
18:03:59.0748 9664 ebdrv - ok
18:03:59.0877 9664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
18:03:59.0917 9664 EFS - ok
18:04:00.0039 9664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
18:04:00.0140 9664 ehRecvr - ok
18:04:00.0178 9664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
18:04:00.0197 9664 ehSched - ok
18:04:00.0285 9664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
18:04:00.0309 9664 elxstor - ok
18:04:00.0375 9664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:04:00.0399 9664 ErrDev - ok
18:04:00.0475 9664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
18:04:00.0550 9664 EventSystem - ok
18:04:00.0713 9664 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:04:00.0742 9664 EvtEng - ok
18:04:00.0890 9664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:04:00.0929 9664 exfat - ok
18:04:00.0953 9664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:04:01.0051 9664 fastfat - ok
18:04:01.0156 9664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
18:04:01.0286 9664 Fax - ok
18:04:01.0310 9664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
18:04:01.0343 9664 fdc - ok
18:04:01.0410 9664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
18:04:01.0453 9664 fdPHost - ok
18:04:01.0465 9664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
18:04:01.0505 9664 FDResPub - ok
18:04:01.0543 9664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:04:01.0553 9664 FileInfo - ok
18:04:01.0561 9664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:04:01.0598 9664 Filetrace - ok
18:04:01.0618 9664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
18:04:01.0630 9664 flpydisk - ok
18:04:01.0659 9664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:04:01.0675 9664 FltMgr - ok
18:04:01.0747 9664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
18:04:01.0866 9664 FontCache - ok
18:04:01.0966 9664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:04:02.0014 9664 FontCache3.0.0.0 - ok
18:04:02.0106 9664 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:04:02.0138 9664 FsDepends - ok
18:04:02.0194 9664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
18:04:02.0204 9664 Fs_Rec - ok
18:04:02.0268 9664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:04:02.0296 9664 fvevol - ok
18:04:02.0341 9664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
18:04:02.0352 9664 gagp30kx - ok
18:04:02.0493 9664 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:04:02.0553 9664 GamesAppService - ok
18:04:02.0603 9664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
18:04:02.0672 9664 gpsvc - ok
18:04:02.0720 9664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:04:02.0768 9664 hcw85cir - ok
18:04:02.0857 9664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:04:02.0875 9664 HdAudAddService - ok
18:04:02.0901 9664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:04:02.0948 9664 HDAudBus - ok
18:04:02.0964 9664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:04:02.0987 9664 HidBatt - ok
18:04:03.0029 9664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:04:03.0083 9664 HidBth - ok
18:04:03.0113 9664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:04:03.0128 9664 HidIr - ok
18:04:03.0148 9664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
18:04:03.0190 9664 hidserv - ok
18:04:03.0256 9664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:04:03.0271 9664 HidUsb - ok
18:04:03.0313 9664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:04:03.0440 9664 hkmsvc - ok
18:04:03.0458 9664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:04:03.0552 9664 HomeGroupListener - ok
18:04:03.0579 9664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:04:03.0639 9664 HomeGroupProvider - ok
18:04:03.0680 9664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:04:03.0690 9664 HpSAMD - ok
18:04:03.0773 9664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:04:03.0829 9664 HTTP - ok
18:04:03.0844 9664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:04:03.0853 9664 hwpolicy - ok
18:04:03.0948 9664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:04:03.0959 9664 i8042prt - ok
18:04:04.0008 9664 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
18:04:04.0024 9664 iaStor - ok
18:04:04.0124 9664 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:04:04.0185 9664 IAStorDataMgrSvc - ok
18:04:04.0216 9664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:04:04.0236 9664 iaStorV - ok
18:04:04.0264 9664 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\windows\system32\DRIVERS\iBtFltCoex.sys
18:04:04.0284 9664 iBtFltCoex - ok
18:04:04.0483 9664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:04:04.0576 9664 idsvc - ok
18:04:05.0020 9664 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
18:04:05.0321 9664 igfx - ok
18:04:05.0563 9664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:04:05.0575 9664 iirsp - ok
18:04:05.0623 9664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:04:05.0700 9664 IKEEXT - ok
18:04:05.0773 9664 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
18:04:05.0802 9664 intaud_WaveExtensible - ok
18:04:05.0843 9664 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
18:04:05.0868 9664 IntcDAud - ok
18:04:05.0911 9664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:04:05.0922 9664 intelide - ok
18:04:05.0943 9664 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:04:05.0969 9664 intelppm - ok
18:04:06.0047 9664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:04:06.0082 9664 IPBusEnum - ok
18:04:06.0108 9664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:04:06.0136 9664 IpFilterDriver - ok
18:04:06.0197 9664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:04:06.0259 9664 iphlpsvc - ok
18:04:06.0292 9664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:04:06.0315 9664 IPMIDRV - ok
18:04:06.0349 9664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:04:06.0428 9664 IPNAT - ok
18:04:06.0467 9664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:04:06.0490 9664 IRENUM - ok
18:04:06.0513 9664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:04:06.0524 9664 isapnp - ok
18:04:06.0563 9664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:04:06.0578 9664 iScsiPrt - ok
18:04:06.0616 9664 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
18:04:06.0627 9664 iwdbus - ok
18:04:06.0666 9664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:04:06.0678 9664 kbdclass - ok
18:04:06.0694 9664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:04:06.0726 9664 kbdhid - ok
18:04:06.0756 9664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:04:06.0771 9664 KeyIso - ok
18:04:06.0787 9664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:04:06.0832 9664 KSecDD - ok
18:04:06.0864 9664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:04:06.0881 9664 KSecPkg - ok
18:04:06.0923 9664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:04:06.0974 9664 ksthunk - ok
18:04:07.0012 9664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:04:07.0072 9664 KtmRm - ok
18:04:07.0121 9664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
18:04:07.0169 9664 LanmanServer - ok
18:04:07.0205 9664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:04:07.0278 9664 LanmanWorkstation - ok
18:04:07.0318 9664 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:04:07.0357 9664 lltdio - ok
18:04:07.0444 9664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:04:07.0502 9664 lltdsvc - ok
18:04:07.0540 9664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:04:07.0573 9664 lmhosts - ok
18:04:07.0727 9664 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:04:07.0739 9664 LMS - ok
18:04:07.0810 9664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:04:07.0832 9664 LSI_FC - ok
18:04:07.0841 9664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:04:07.0851 9664 LSI_SAS - ok
18:04:07.0869 9664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:04:07.0879 9664 LSI_SAS2 - ok
18:04:07.0893 9664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:04:07.0905 9664 LSI_SCSI - ok
18:04:07.0943 9664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:04:08.0008 9664 luafv - ok
18:04:08.0172 9664 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:04:08.0236 9664 McAfee SiteAdvisor Service - ok
18:04:08.0373 9664 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
18:04:08.0394 9664 McAWFwk - ok
18:04:08.0397 9664 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:04:08.0409 9664 McMPFSvc - ok
18:04:08.0429 9664 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:04:08.0441 9664 mcmscsvc - ok
18:04:08.0464 9664 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:04:08.0476 9664 McNaiAnn - ok
18:04:08.0504 9664 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:04:08.0515 9664 McNASvc - ok
18:04:08.0606 9664 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
18:04:08.0671 9664 McODS - ok
18:04:08.0674 9664 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:04:08.0684 9664 McOobeSv - ok
18:04:08.0700 9664 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:04:08.0711 9664 McProxy - ok
18:04:08.0769 9664 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:04:08.0779 9664 McShield - ok
18:04:08.0962 9664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:04:09.0001 9664 Mcx2Svc - ok
18:04:09.0073 9664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:04:09.0083 9664 megasas - ok
18:04:09.0137 9664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:04:09.0151 9664 MegaSR - ok
18:04:09.0273 9664 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:04:09.0282 9664 MEIx64 - ok
18:04:09.0327 9664 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
18:04:09.0371 9664 mfeapfk - ok
18:04:09.0399 9664 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
18:04:09.0412 9664 mfeavfk - ok
18:04:09.0491 9664 mfeavfk01 - ok
18:04:09.0529 9664 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:04:09.0540 9664 mfefire - ok
18:04:09.0596 9664 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
18:04:09.0612 9664 mfefirek - ok
18:04:09.0656 9664 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
18:04:09.0680 9664 mfehidk - ok
18:04:09.0736 9664 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
18:04:09.0760 9664 mfenlfk - ok
18:04:09.0806 9664 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
18:04:09.0815 9664 mferkdet - ok
18:04:09.0850 9664 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
18:04:09.0893 9664 mfevtp - ok
18:04:09.0919 9664 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
18:04:09.0932 9664 mfewfpk - ok
18:04:09.0954 9664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:04:09.0999 9664 MMCSS - ok
18:04:10.0032 9664 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:04:10.0082 9664 Modem - ok
18:04:10.0114 9664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:04:10.0155 9664 monitor - ok
18:04:10.0198 9664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:04:10.0209 9664 mouclass - ok
18:04:10.0266 9664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:04:10.0316 9664 mouhid - ok
18:04:10.0345 9664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:04:10.0356 9664 mountmgr - ok
18:04:10.0397 9664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:04:10.0422 9664 mpio - ok
18:04:10.0444 9664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:04:10.0473 9664 mpsdrv - ok
18:04:10.0561 9664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:04:10.0637 9664 MpsSvc - ok
18:04:10.0667 9664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:04:10.0721 9664 MRxDAV - ok
18:04:10.0741 9664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:04:10.0784 9664 mrxsmb - ok
18:04:10.0810 9664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:04:10.0825 9664 mrxsmb10 - ok
18:04:10.0859 9664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:04:10.0887 9664 mrxsmb20 - ok
18:04:10.0904 9664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:04:10.0914 9664 msahci - ok
18:04:10.0931 9664 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:04:10.0943 9664 msdsm - ok
18:04:10.0977 9664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:04:11.0013 9664 MSDTC - ok
18:04:11.0052 9664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:04:11.0087 9664 Msfs - ok
18:04:11.0122 9664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:04:11.0196 9664 mshidkmdf - ok
18:04:11.0213 9664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:04:11.0222 9664 msisadrv - ok
18:04:11.0245 9664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:04:11.0281 9664 MSiSCSI - ok
18:04:11.0284 9664 msiserver - ok
18:04:11.0373 9664 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:04:11.0386 9664 MSK80Service - ok
18:04:11.0449 9664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:04:11.0490 9664 MSKSSRV - ok
18:04:11.0506 9664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:04:11.0594 9664 MSPCLOCK - ok
18:04:11.0604 9664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:04:11.0646 9664 MSPQM - ok
18:04:11.0679 9664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:04:11.0694 9664 MsRPC - ok
18:04:11.0713 9664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:04:11.0728 9664 mssmbios - ok
18:04:11.0758 9664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:04:11.0829 9664 MSTEE - ok
18:04:11.0840 9664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:04:11.0850 9664 MTConfig - ok
18:04:11.0888 9664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:04:11.0902 9664 Mup - ok
18:04:12.0036 9664 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:04:12.0051 9664 MyWiFiDHCPDNS - ok
18:04:12.0098 9664 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:04:12.0176 9664 napagent - ok
18:04:12.0244 9664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:04:12.0340 9664 NativeWifiP - ok
18:04:12.0497 9664 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
18:04:12.0562 9664 NAUpdate - ok
18:04:12.0644 9664 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
18:04:12.0682 9664 NDIS - ok
18:04:12.0711 9664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:04:12.0780 9664 NdisCap - ok
18:04:12.0814 9664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:04:12.0870 9664 NdisTapi - ok
18:04:12.0880 9664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:04:12.0919 9664 Ndisuio - ok
18:04:12.0940 9664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:04:13.0017 9664 NdisWan - ok
18:04:13.0044 9664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:04:13.0074 9664 NDProxy - ok
18:04:13.0122 9664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:04:13.0162 9664 NetBIOS - ok
18:04:13.0181 9664 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:04:13.0215 9664 NetBT - ok
18:04:13.0263 9664 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:04:13.0297 9664 Netlogon - ok
18:04:13.0348 9664 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:04:13.0401 9664 Netman - ok
18:04:13.0564 9664 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0575 9664 NetMsmqActivator - ok
18:04:13.0578 9664 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0587 9664 NetPipeActivator - ok
18:04:13.0625 9664 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:04:13.0659 9664 netprofm - ok
18:04:13.0663 9664 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0673 9664 NetTcpActivator - ok
18:04:13.0677 9664 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0686 9664 NetTcpPortSharing - ok
18:04:34.0645 9664 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:04:34.0675 9664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:04:34.0675 9664 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:04:34.0715 9664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:04:34.0715 9664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:04:34.0745 9664 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
18:04:34.0745 9664 \Device\Harddisk0\DR0\Partition0 - ok
18:04:34.0765 9664 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1
18:04:34.0765 9664 \Device\Harddisk0\DR0\Partition1 - ok
18:04:34.0765 9664 ============================================================
18:04:34.0765 9664 Scan finished
18:04:34.0765 9664 ============================================================
18:04:34.0775 9868 Detected object count: 5
18:04:34.0775 9868 Actual detected object count: 5
18:05:47.0597 9868 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:47.0597 9868 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:47.0598 9868 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:47.0598 9868 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:47.0599 9868 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:05:47.0599 9868 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:05:47.0599 9868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
18:05:47.0599 9868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
18:05:47.0602 9868 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:05:47.0602 9868 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:06:22.0646 9852 Deinitialize success

Here is the log for ComboFix:

ComboFix 12-05-12.01 - David 05/12/2012 18:25:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4705 [GMT -4:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 22:28 . 2012-05-12 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 22:09 . 2012-05-12 22:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-12 02:51 . 2012-05-12 02:51 691 ----a-w- c:\users\David\AppData\Roaming\GetValue.vbs
2012-05-12 02:51 . 2012-05-12 02:51 35 ----a-w- c:\users\David\AppData\Roaming\SetValue.bat
2012-05-12 01:33 . 2012-05-12 01:33 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2012-05-12 01:33 . 2012-05-12 01:33 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 01:33 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 01:33 . 2012-05-12 01:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 22:45 . 2012-05-11 23:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-11 22:45 . 2012-05-11 22:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 02:35 . 2012-04-02 15:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 02:35 . 2011-11-18 09:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 02:35 . 2012-04-02 16:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 17:11 . 2011-11-18 09:59 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-05 02:13 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 06:46 . 2012-04-11 20:10 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 20:10 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 20:10 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 20:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 20:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 20:10 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 20:10 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 20:13 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 20:13 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 20:13 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 20:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 20:13 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 20:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 20:13 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 20:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 17:29 . 2011-11-18 09:59 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-03-13 17:20 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-03-13 17:20 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-03-13 17:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 17:20 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-03-13 17:20 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-03-13 17:20 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-03-13 17:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 17:29 . 2011-03-13 17:20 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-17 06:38 . 2012-03-14 11:35 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:35 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:35 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:35 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\nt3h13kq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-12 18:30:00
ComboFix-quarantined-files.txt 2012-05-12 22:30
.
Pre-Run: 576,360,873,984 bytes free
Post-Run: 576,296,525,824 bytes free
.
- - End Of File - - 125BDA3D08A651E6655FCB1CFD502EB9

#6 pollo8507

pollo8507
  • Topic Starter


Posted 12 May 2012 - 05:48 PM

Just a follow-up: I restarted the computer just a minute ago and it boots up a lot quicker. Firefox opens way quicker now.

#7 jntkwx

jntkwx

  • Malware Response Team

Posted 13 May 2012 - 01:44 PM

pollo8507,

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please rerun TDSSkiller and set the following to Cure:

\Device\Harddisk0\DR0 Rootkit.Boot.Pihar.b

Please post the new TDSSkiller log in your next reply.

How's your computer running now?
Regards,
Jason

 



#8 pollo8507

pollo8507
  • Topic Starter


Posted 13 May 2012 - 08:00 PM

Bleh, ok thanks so much. Here is the new log below after selecting Cure for the issue. I understand that the computer may never be fully secure and would like to at least clean it. I do have a question though. If I can get a Windows 7 install disk and use my current product key to reload the operating system, would that completely absolve the issue of the trojan?

18:06:26.0508 8780 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:06:27.0296 8780 ============================================================
18:06:27.0296 8780 Current date / time: 2012/05/13 18:06:27.0296
18:06:27.0296 8780 SystemInfo:
18:06:27.0296 8780
18:06:27.0296 8780 OS Version: 6.1.7601 ServicePack: 1.0
18:06:27.0296 8780 Product type: Workstation
18:06:27.0296 8780 ComputerName: DAVID-PC
18:06:27.0296 8780 UserName: David
18:06:27.0296 8780 Windows directory: C:\windows
18:06:27.0296 8780 System windows directory: C:\windows
18:06:27.0296 8780 Running under WOW64
18:06:27.0296 8780 Processor architecture: Intel x64
18:06:27.0296 8780 Number of processors: 4
18:06:27.0296 8780 Page size: 0x1000
18:06:27.0296 8780 Boot type: Normal boot
18:06:27.0296 8780 ============================================================
18:06:27.0658 8780 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:06:27.0658 8780 ============================================================
18:06:27.0658 8780 \Device\Harddisk0\DR0:
18:06:27.0658 8780 MBR partitions:
18:06:27.0658 8780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
18:06:27.0658 8780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
18:06:27.0658 8780 ============================================================
18:06:27.0698 8780 C: <-> \Device\Harddisk0\DR0\Partition1
18:06:27.0698 8780 ============================================================
18:06:27.0698 8780 Initialize success
18:06:27.0698 8780 ============================================================
18:06:40.0826 12044 ============================================================
18:06:40.0826 12044 Scan started
18:06:40.0826 12044 Mode: Manual; SigCheck; TDLFS;
18:06:40.0826 12044 ============================================================
18:06:45.0921 12044 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:06:46.0006 12044 1394ohci - ok
18:06:46.0061 12044 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:06:46.0076 12044 ACPI - ok
18:06:46.0116 12044 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:06:46.0136 12044 AcpiPmi - ok
18:06:46.0266 12044 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:06:46.0286 12044 AdobeFlashPlayerUpdateSvc - ok
18:06:46.0396 12044 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
18:06:46.0406 12044 adp94xx - ok
18:06:46.0476 12044 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
18:06:46.0496 12044 adpahci - ok
18:06:46.0596 12044 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
18:06:46.0616 12044 adpu320 - ok
18:06:46.0646 12044 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
18:06:46.0696 12044 AeLookupSvc - ok
18:06:46.0846 12044 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
18:06:46.0866 12044 AESTFilters - ok
18:06:46.0926 12044 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
18:06:46.0948 12044 AFD - ok
18:06:46.0988 12044 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:06:46.0998 12044 agp440 - ok
18:06:47.0038 12044 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
18:06:47.0091 12044 ALG - ok
18:06:47.0152 12044 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:06:47.0166 12044 aliide - ok
18:06:47.0188 12044 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:06:47.0202 12044 amdide - ok
18:06:47.0250 12044 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
18:06:47.0288 12044 AmdK8 - ok
18:06:47.0366 12044 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
18:06:47.0387 12044 AmdPPM - ok
18:06:47.0408 12044 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:06:47.0422 12044 amdsata - ok
18:06:47.0462 12044 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
18:06:47.0479 12044 amdsbs - ok
18:06:47.0501 12044 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:06:47.0512 12044 amdxata - ok
18:06:47.0567 12044 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\windows\system32\DRIVERS\AMPPAL.sys
18:06:47.0599 12044 AMPPAL - ok
18:06:47.0657 12044 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\windows\system32\DRIVERS\amppal.sys
18:06:47.0686 12044 AMPPALP - ok
18:06:47.0864 12044 AMPPALR3 (864c632b999be1237a3dc46736e71f27) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:06:47.0928 12044 AMPPALR3 - ok
18:06:48.0139 12044 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
18:06:48.0150 12044 ApfiltrService - ok
18:06:48.0185 12044 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:06:48.0232 12044 AppID - ok
18:06:48.0290 12044 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
18:06:48.0334 12044 AppIDSvc - ok
18:06:48.0453 12044 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
18:06:48.0516 12044 Appinfo - ok
18:06:48.0556 12044 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
18:06:48.0566 12044 arc - ok
18:06:48.0596 12044 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
18:06:48.0616 12044 arcsas - ok
18:06:48.0749 12044 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:06:48.0761 12044 aspnet_state - ok
18:06:48.0803 12044 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:06:48.0908 12044 AsyncMac - ok
18:06:48.0953 12044 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:06:48.0969 12044 atapi - ok
18:06:49.0030 12044 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:06:49.0148 12044 AudioEndpointBuilder - ok
18:06:49.0158 12044 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:06:49.0269 12044 AudioSrv - ok
18:06:49.0310 12044 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
18:06:49.0330 12044 AxInstSV - ok
18:06:49.0366 12044 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
18:06:49.0424 12044 b06bdrv - ok
18:06:49.0544 12044 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:06:49.0564 12044 b57nd60a - ok
18:06:49.0604 12044 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
18:06:49.0624 12044 BDESVC - ok
18:06:49.0674 12044 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:06:49.0724 12044 Beep - ok
18:06:49.0784 12044 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
18:06:49.0824 12044 BFE - ok
18:06:49.0894 12044 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
18:06:49.0944 12044 BITS - ok
18:06:50.0056 12044 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:06:50.0066 12044 blbdrive - ok
18:06:50.0206 12044 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:06:50.0216 12044 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
18:06:50.0216 12044 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
18:06:50.0276 12044 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:06:50.0306 12044 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
18:06:50.0306 12044 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
18:06:50.0344 12044 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:06:50.0368 12044 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
18:06:50.0368 12044 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
18:06:50.0558 12044 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:06:50.0578 12044 bowser - ok
18:06:50.0588 12044 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
18:06:50.0608 12044 BrFiltLo - ok
18:06:50.0618 12044 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
18:06:50.0638 12044 BrFiltUp - ok
18:06:50.0668 12044 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
18:06:50.0708 12044 Browser - ok
18:06:50.0738 12044 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:06:50.0748 12044 Brserid - ok
18:06:50.0768 12044 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:06:50.0788 12044 BrSerWdm - ok
18:06:50.0798 12044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:06:50.0828 12044 BrUsbMdm - ok
18:06:50.0851 12044 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:06:50.0870 12044 BrUsbSer - ok
18:06:50.0890 12044 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
18:06:50.0900 12044 BthEnum - ok
18:06:50.0910 12044 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
18:06:50.0930 12044 BTHMODEM - ok
18:06:50.0970 12044 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
18:06:51.0000 12044 BthPan - ok
18:06:51.0090 12044 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
18:06:51.0110 12044 BTHPORT - ok
18:06:51.0140 12044 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
18:06:51.0180 12044 bthserv - ok
18:06:51.0270 12044 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:06:51.0280 12044 BTHSSecurityMgr - ok
18:06:51.0340 12044 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
18:06:51.0360 12044 BTHUSB - ok
18:06:51.0410 12044 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys
18:06:51.0420 12044 btmaudio - ok
18:06:51.0430 12044 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys
18:06:51.0450 12044 btmaux - ok
18:06:51.0510 12044 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\windows\system32\DRIVERS\btmhsf.sys
18:06:51.0530 12044 btmhsf - ok
18:06:51.0560 12044 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:06:51.0600 12044 cdfs - ok
18:06:51.0660 12044 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:06:51.0670 12044 cdrom - ok
18:06:51.0710 12044 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:06:51.0740 12044 CertPropSvc - ok
18:06:51.0790 12044 cfwids (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
18:06:51.0800 12044 cfwids - ok
18:06:51.0860 12044 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
18:06:51.0870 12044 circlass - ok
18:06:51.0910 12044 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:06:51.0920 12044 CLFS - ok
18:06:52.0040 12044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:06:52.0050 12044 clr_optimization_v2.0.50727_32 - ok
18:06:52.0130 12044 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:06:52.0140 12044 clr_optimization_v2.0.50727_64 - ok
18:06:52.0210 12044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:06:52.0220 12044 clr_optimization_v4.0.30319_32 - ok
18:06:52.0290 12044 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:06:52.0300 12044 clr_optimization_v4.0.30319_64 - ok
18:06:52.0370 12044 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:06:52.0380 12044 CmBatt - ok
18:06:52.0400 12044 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:06:52.0410 12044 cmdide - ok
18:06:52.0440 12044 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
18:06:52.0470 12044 CNG - ok
18:06:52.0510 12044 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
18:06:52.0520 12044 Compbatt - ok
18:06:52.0560 12044 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
18:06:52.0580 12044 CompositeBus - ok
18:06:52.0630 12044 COMSysApp - ok
18:06:52.0650 12044 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
18:06:52.0660 12044 crcdisk - ok
18:06:52.0690 12044 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
18:06:52.0720 12044 CryptSvc - ok
18:06:52.0790 12044 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
18:06:52.0800 12044 CtClsFlt - ok
18:06:52.0850 12044 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:06:52.0920 12044 DcomLaunch - ok
18:06:52.0990 12044 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
18:06:53.0040 12044 defragsvc - ok
18:06:53.0170 12044 DellDigitalDelivery (bc8362b60304a9ed9416c305f6df5247) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
18:06:53.0180 12044 DellDigitalDelivery - ok
18:06:53.0220 12044 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:06:53.0260 12044 DfsC - ok
18:06:53.0332 12044 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
18:06:53.0372 12044 Dhcp - ok
18:06:53.0392 12044 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:06:53.0432 12044 discache - ok
18:06:53.0502 12044 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
18:06:53.0522 12044 Disk - ok
18:06:53.0552 12044 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
18:06:53.0592 12044 Dnscache - ok
18:06:53.0652 12044 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
18:06:53.0682 12044 dot3svc - ok
18:06:53.0722 12044 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
18:06:53.0802 12044 DPS - ok
18:06:53.0842 12044 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:06:53.0852 12044 drmkaud - ok
18:06:53.0972 12044 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:06:53.0992 12044 DXGKrnl - ok
18:06:54.0032 12044 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
18:06:54.0072 12044 EapHost - ok
18:06:54.0232 12044 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
18:06:54.0282 12044 ebdrv - ok
18:06:54.0422 12044 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
18:06:54.0432 12044 EFS - ok
18:06:54.0532 12044 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
18:06:54.0552 12044 ehRecvr - ok
18:06:54.0572 12044 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
18:06:54.0592 12044 ehSched - ok
18:06:54.0712 12044 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
18:06:54.0744 12044 elxstor - ok
18:06:54.0767 12044 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:06:54.0782 12044 ErrDev - ok
18:06:54.0840 12044 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
18:06:54.0890 12044 EventSystem - ok
18:06:55.0132 12044 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:06:55.0167 12044 EvtEng - ok
18:06:55.0347 12044 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:06:55.0392 12044 exfat - ok
18:06:55.0426 12044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:06:55.0465 12044 fastfat - ok
18:06:55.0536 12044 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
18:06:55.0555 12044 Fax - ok
18:06:55.0579 12044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
18:06:55.0591 12044 fdc - ok
18:06:55.0623 12044 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
18:06:55.0683 12044 fdPHost - ok
18:06:55.0700 12044 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
18:06:55.0747 12044 FDResPub - ok
18:06:55.0789 12044 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:06:55.0803 12044 FileInfo - ok
18:06:55.0818 12044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:06:55.0880 12044 Filetrace - ok
18:06:55.0897 12044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
18:06:55.0911 12044 flpydisk - ok
18:06:55.0958 12044 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:06:55.0975 12044 FltMgr - ok
18:06:56.0100 12044 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
18:06:56.0127 12044 FontCache - ok
18:06:56.0236 12044 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:06:56.0248 12044 FontCache3.0.0.0 - ok
18:06:56.0306 12044 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:06:56.0321 12044 FsDepends - ok
18:06:56.0352 12044 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
18:06:56.0366 12044 Fs_Rec - ok
18:06:56.0399 12044 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:06:56.0421 12044 fvevol - ok
18:06:56.0442 12044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
18:06:56.0457 12044 gagp30kx - ok
18:06:56.0544 12044 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:06:56.0556 12044 GamesAppService - ok
18:06:56.0638 12044 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
18:06:56.0752 12044 gpsvc - ok
18:06:56.0788 12044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:06:56.0812 12044 hcw85cir - ok
18:06:56.0858 12044 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:06:56.0892 12044 HdAudAddService - ok
18:06:56.0921 12044 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:06:56.0940 12044 HDAudBus - ok
18:06:56.0973 12044 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:06:57.0013 12044 HidBatt - ok
18:06:57.0040 12044 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:06:57.0060 12044 HidBth - ok
18:06:57.0080 12044 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:06:57.0130 12044 HidIr - ok
18:06:57.0171 12044 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
18:06:57.0216 12044 hidserv - ok
18:06:57.0291 12044 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:06:57.0307 12044 HidUsb - ok
18:06:57.0357 12044 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:06:57.0396 12044 hkmsvc - ok
18:06:57.0424 12044 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:06:57.0447 12044 HomeGroupListener - ok
18:06:57.0480 12044 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:06:57.0498 12044 HomeGroupProvider - ok
18:06:57.0541 12044 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:06:57.0556 12044 HpSAMD - ok
18:06:57.0590 12044 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:06:57.0656 12044 HTTP - ok
18:06:57.0687 12044 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:06:57.0706 12044 hwpolicy - ok
18:06:57.0762 12044 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:06:57.0796 12044 i8042prt - ok
18:06:57.0851 12044 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
18:06:57.0871 12044 iaStor - ok
18:06:57.0993 12044 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:06:58.0073 12044 IAStorDataMgrSvc - ok
18:06:58.0129 12044 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:06:58.0152 12044 iaStorV - ok
18:06:58.0188 12044 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\windows\system32\DRIVERS\iBtFltCoex.sys
18:06:58.0202 12044 iBtFltCoex - ok
18:06:58.0454 12044 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:06:58.0472 12044 idsvc - ok
18:06:58.0936 12044 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
18:06:59.0073 12044 igfx - ok
18:06:59.0331 12044 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:06:59.0341 12044 iirsp - ok
18:06:59.0389 12044 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:06:59.0460 12044 IKEEXT - ok
18:06:59.0551 12044 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
18:06:59.0560 12044 intaud_WaveExtensible - ok
18:06:59.0598 12044 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
18:06:59.0617 12044 IntcDAud - ok
18:06:59.0646 12044 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:06:59.0659 12044 intelide - ok
18:06:59.0710 12044 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:06:59.0725 12044 intelppm - ok
18:06:59.0748 12044 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:06:59.0791 12044 IPBusEnum - ok
18:06:59.0821 12044 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:06:59.0859 12044 IpFilterDriver - ok
18:06:59.0902 12044 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:06:59.0954 12044 iphlpsvc - ok
18:07:00.0004 12044 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:07:00.0022 12044 IPMIDRV - ok
18:07:00.0039 12044 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:07:00.0085 12044 IPNAT - ok
18:07:00.0135 12044 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:07:00.0169 12044 IRENUM - ok
18:07:00.0203 12044 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:07:00.0219 12044 isapnp - ok
18:07:00.0239 12044 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:07:00.0254 12044 iScsiPrt - ok
18:07:00.0295 12044 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
18:07:00.0307 12044 iwdbus - ok
18:07:00.0378 12044 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:07:00.0392 12044 kbdclass - ok
18:07:00.0404 12044 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:07:00.0421 12044 kbdhid - ok
18:07:00.0446 12044 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:00.0459 12044 KeyIso - ok
18:07:00.0478 12044 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:07:00.0519 12044 KSecDD - ok
18:07:00.0554 12044 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:07:00.0565 12044 KSecPkg - ok
18:07:00.0603 12044 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:07:00.0640 12044 ksthunk - ok
18:07:00.0679 12044 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:07:00.0729 12044 KtmRm - ok
18:07:00.0779 12044 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
18:07:00.0832 12044 LanmanServer - ok
18:07:00.0871 12044 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:07:00.0949 12044 LanmanWorkstation - ok
18:07:01.0012 12044 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:07:01.0053 12044 lltdio - ok
18:07:01.0101 12044 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:07:01.0149 12044 lltdsvc - ok
18:07:01.0175 12044 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:07:01.0215 12044 lmhosts - ok
18:07:01.0397 12044 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:07:01.0418 12044 LMS - ok
18:07:01.0477 12044 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:07:01.0501 12044 LSI_FC - ok
18:07:01.0531 12044 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:07:01.0546 12044 LSI_SAS - ok
18:07:01.0569 12044 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:07:01.0583 12044 LSI_SAS2 - ok
18:07:01.0615 12044 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:07:01.0630 12044 LSI_SCSI - ok
18:07:01.0667 12044 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:07:01.0724 12044 luafv - ok
18:07:01.0869 12044 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:07:01.0886 12044 McAfee SiteAdvisor Service - ok
18:07:01.0993 12044 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
18:07:02.0010 12044 McAWFwk - ok
18:07:02.0019 12044 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:07:02.0035 12044 McMPFSvc - ok
18:07:02.0054 12044 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:07:02.0076 12044 mcmscsvc - ok
18:07:02.0124 12044 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:07:02.0141 12044 McNaiAnn - ok
18:07:02.0162 12044 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:07:02.0191 12044 McNASvc - ok
18:07:02.0267 12044 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
18:07:02.0342 12044 McODS - ok
18:07:02.0347 12044 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:07:02.0367 12044 McOobeSv - ok
18:07:02.0394 12044 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:07:02.0408 12044 McProxy - ok
18:07:02.0485 12044 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:07:02.0503 12044 McShield - ok
18:07:02.0610 12044 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:07:02.0631 12044 Mcx2Svc - ok
18:07:02.0698 12044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:07:02.0715 12044 megasas - ok
18:07:02.0746 12044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:07:02.0768 12044 MegaSR - ok
18:07:02.0876 12044 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:07:02.0890 12044 MEIx64 - ok
18:07:02.0942 12044 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
18:07:02.0957 12044 mfeapfk - ok
18:07:03.0057 12044 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
18:07:03.0073 12044 mfeavfk - ok
18:07:03.0111 12044 mfeavfk01 - ok
18:07:03.0166 12044 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:07:03.0182 12044 mfefire - ok
18:07:03.0339 12044 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
18:07:03.0361 12044 mfefirek - ok
18:07:03.0487 12044 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
18:07:03.0506 12044 mfehidk - ok
18:07:03.0584 12044 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
18:07:03.0594 12044 mfenlfk - ok
18:07:03.0631 12044 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
18:07:03.0644 12044 mferkdet - ok
18:07:03.0674 12044 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
18:07:03.0685 12044 mfevtp - ok
18:07:03.0745 12044 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
18:07:03.0760 12044 mfewfpk - ok
18:07:03.0791 12044 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:07:03.0833 12044 MMCSS - ok
18:07:03.0892 12044 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:07:03.0928 12044 Modem - ok
18:07:03.0962 12044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:07:03.0977 12044 monitor - ok
18:07:04.0012 12044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:07:04.0025 12044 mouclass - ok
18:07:04.0081 12044 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:07:04.0098 12044 mouhid - ok
18:07:04.0125 12044 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:07:04.0141 12044 mountmgr - ok
18:07:04.0164 12044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:07:04.0178 12044 mpio - ok
18:07:04.0191 12044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:07:04.0238 12044 mpsdrv - ok
18:07:04.0306 12044 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:07:04.0358 12044 MpsSvc - ok
18:07:04.0392 12044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:07:04.0413 12044 MRxDAV - ok
18:07:04.0435 12044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:07:04.0453 12044 mrxsmb - ok
18:07:04.0482 12044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:07:04.0500 12044 mrxsmb10 - ok
18:07:04.0532 12044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:07:04.0584 12044 mrxsmb20 - ok
18:07:04.0598 12044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:07:04.0617 12044 msahci - ok
18:07:04.0649 12044 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:07:04.0664 12044 msdsm - ok
18:07:04.0693 12044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:07:04.0715 12044 MSDTC - ok
18:07:04.0743 12044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:07:04.0780 12044 Msfs - ok
18:07:04.0828 12044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:07:04.0856 12044 mshidkmdf - ok
18:07:04.0875 12044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:07:04.0884 12044 msisadrv - ok
18:07:04.0919 12044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:07:04.0953 12044 MSiSCSI - ok
18:07:04.0960 12044 msiserver - ok
18:07:05.0064 12044 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:07:05.0076 12044 MSK80Service - ok
18:07:05.0144 12044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:07:05.0189 12044 MSKSSRV - ok
18:07:05.0212 12044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:07:05.0263 12044 MSPCLOCK - ok
18:07:05.0277 12044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:07:05.0319 12044 MSPQM - ok
18:07:05.0341 12044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:07:05.0358 12044 MsRPC - ok
18:07:05.0375 12044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:07:05.0388 12044 mssmbios - ok
18:07:05.0408 12044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:07:05.0448 12044 MSTEE - ok
18:07:05.0468 12044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:07:05.0481 12044 MTConfig - ok
18:07:05.0486 12044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:07:05.0498 12044 Mup - ok
18:07:05.0621 12044 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:07:05.0638 12044 MyWiFiDHCPDNS - ok
18:07:05.0668 12044 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:07:05.0711 12044 napagent - ok
18:07:05.0767 12044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:07:05.0787 12044 NativeWifiP - ok
18:07:05.0919 12044 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
18:07:05.0942 12044 NAUpdate - ok
18:07:06.0029 12044 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
18:07:06.0053 12044 NDIS - ok
18:07:06.0096 12044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:07:06.0127 12044 NdisCap - ok
18:07:06.0187 12044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:07:06.0216 12044 NdisTapi - ok
18:07:06.0241 12044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:07:06.0274 12044 Ndisuio - ok
18:07:06.0324 12044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:07:06.0356 12044 NdisWan - ok
18:07:06.0373 12044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:07:06.0410 12044 NDProxy - ok
18:07:06.0473 12044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:07:06.0514 12044 NetBIOS - ok
18:07:06.0554 12044 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:07:06.0589 12044 NetBT - ok
18:07:06.0625 12044 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:06.0636 12044 Netlogon - ok
18:07:06.0722 12044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:07:06.0757 12044 Netman - ok
18:07:06.0913 12044 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:06.0926 12044 NetMsmqActivator - ok
18:07:06.0929 12044 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:06.0938 12044 NetPipeActivator - ok
18:07:07.0000 12044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:07:07.0047 12044 netprofm - ok
18:07:07.0050 12044 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:07.0065 12044 NetTcpActivator - ok
18:07:07.0068 12044 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:07.0079 12044 NetTcpPortSharing - ok
18:07:07.0464 12044 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\windows\system32\DRIVERS\NETwNs64.sys
18:07:07.0555 12044 NETwNs64 - ok
18:07:07.0784 12044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:07:07.0797 12044 nfrd960 - ok
18:07:07.0837 12044 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:07:07.0937 12044 NlaSvc - ok
18:07:08.0122 12044 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
18:07:08.0191 12044 NOBU - ok
18:07:08.0374 12044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:07:08.0434 12044 Npfs - ok
18:07:08.0466 12044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:07:08.0505 12044 nsi - ok
18:07:08.0524 12044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:07:08.0559 12044 nsiproxy - ok
18:07:08.0616 12044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:07:08.0662 12044 Ntfs - ok
18:07:08.0816 12044 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:07:08.0858 12044 Null - ok
18:07:08.0903 12044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:07:08.0916 12044 nvraid - ok
18:07:08.0939 12044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:07:08.0956 12044 nvstor - ok
18:07:08.0991 12044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:07:09.0006 12044 nv_agp - ok
18:07:09.0026 12044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:07:09.0042 12044 ohci1394 - ok
18:07:09.0077 12044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:07:09.0102 12044 p2pimsvc - ok
18:07:09.0144 12044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:07:09.0164 12044 p2psvc - ok
18:07:09.0217 12044 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:07:09.0231 12044 Parport - ok
18:07:09.0252 12044 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:07:09.0265 12044 partmgr - ok
18:07:09.0291 12044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:07:09.0311 12044 PcaSvc - ok
18:07:09.0386 12044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:07:09.0406 12044 pci - ok
18:07:09.0436 12044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
18:07:09.0446 12044 pciide - ok
18:07:09.0496 12044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:07:09.0506 12044 pcmcia - ok
18:07:09.0536 12044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:07:09.0546 12044 pcw - ok
18:07:09.0586 12044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:07:09.0626 12044 PEAUTH - ok
18:07:09.0716 12044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:07:09.0736 12044 PerfHost - ok
18:07:09.0806 12044 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:07:09.0846 12044 pla - ok
18:07:09.0926 12044 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:07:09.0946 12044 PlugPlay - ok
18:07:09.0996 12044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:07:10.0006 12044 PNRPAutoReg - ok
18:07:10.0036 12044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:07:10.0056 12044 PNRPsvc - ok
18:07:10.0096 12044 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:07:10.0126 12044 PolicyAgent - ok
18:07:10.0196 12044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:07:10.0236 12044 Power - ok
18:07:10.0336 12044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:07:10.0376 12044 PptpMiniport - ok
18:07:10.0416 12044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:07:10.0436 12044 Processor - ok
18:07:10.0466 12044 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
18:07:10.0506 12044 ProfSvc - ok
18:07:10.0536 12044 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:10.0546 12044 ProtectedStorage - ok
18:07:10.0626 12044 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:07:10.0676 12044 Psched - ok
18:07:10.0746 12044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:07:10.0776 12044 ql2300 - ok
18:07:10.0946 12044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:07:10.0966 12044 ql40xx - ok
18:07:10.0996 12044 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:07:11.0026 12044 QWAVE - ok
18:07:11.0036 12044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:07:11.0056 12044 QWAVEdrv - ok
18:07:11.0076 12044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:07:11.0116 12044 RasAcd - ok
18:07:11.0156 12044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:07:11.0186 12044 RasAgileVpn - ok
18:07:11.0256 12044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:07:11.0286 12044 RasAuto - ok
18:07:11.0336 12044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:07:11.0376 12044 Rasl2tp - ok
18:07:11.0456 12044 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:07:11.0496 12044 RasMan - ok
18:07:11.0556 12044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:07:11.0596 12044 RasPppoe - ok
18:07:11.0656 12044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:07:11.0696 12044 RasSstp - ok
18:07:11.0736 12044 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:07:11.0776 12044 rdbss - ok
18:07:11.0796 12044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:07:11.0816 12044 rdpbus - ok
18:07:11.0826 12044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:07:11.0866 12044 RDPCDD - ok
18:07:11.0896 12044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:07:11.0926 12044 RDPENCDD - ok
18:07:11.0936 12044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:07:11.0976 12044 RDPREFMP - ok
18:07:12.0006 12044 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
18:07:12.0016 12044 RDPWD - ok
18:07:12.0056 12044 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:07:12.0066 12044 rdyboost - ok
18:07:12.0196 12044 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:07:12.0216 12044 RegSrvc - ok
18:07:12.0256 12044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:07:12.0296 12044 RemoteAccess - ok
18:07:12.0326 12044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:07:12.0366 12044 RemoteRegistry - ok
18:07:12.0486 12044 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:07:12.0496 12044 RFCOMM - ok
18:07:12.0536 12044 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:07:12.0576 12044 RpcEptMapper - ok
18:07:12.0646 12044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:07:12.0656 12044 RpcLocator - ok
18:07:12.0696 12044 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:07:12.0736 12044 RpcSs - ok
18:07:12.0776 12044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:07:12.0816 12044 rspndr - ok
18:07:12.0876 12044 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
18:07:12.0886 12044 RSUSBSTOR - ok
18:07:12.0926 12044 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
18:07:12.0946 12044 RTL8167 - ok
18:07:12.0996 12044 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:13.0006 12044 SamSs - ok
18:07:13.0046 12044 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:07:13.0056 12044 sbp2port - ok
18:07:13.0276 12044 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:07:13.0296 12044 SBSDWSCService - ok
18:07:13.0326 12044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:07:13.0366 12044 SCardSvr - ok
18:07:13.0446 12044 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:07:13.0486 12044 scfilter - ok
18:07:13.0536 12044 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:07:13.0586 12044 Schedule - ok
18:07:13.0616 12044 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:07:13.0646 12044 SCPolicySvc - ok
18:07:13.0726 12044 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:07:13.0746 12044 SDRSVC - ok
18:07:13.0816 12044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:07:13.0856 12044 secdrv - ok
18:07:13.0876 12044 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:07:13.0916 12044 seclogon - ok
18:07:13.0936 12044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
18:07:13.0966 12044 SENS - ok
18:07:14.0006 12044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:07:14.0026 12044 SensrSvc - ok
18:07:14.0046 12044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:07:14.0066 12044 Serenum - ok
18:07:14.0106 12044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:07:14.0116 12044 Serial - ok
18:07:26.0239 12044 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:07:26.0269 12044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:07:26.0269 12044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:07:26.0368 12044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:07:26.0368 12044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:07:26.0400 12044 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
18:07:26.0401 12044 \Device\Harddisk0\DR0\Partition0 - ok
18:07:26.0418 12044 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1
18:07:26.0427 12044 \Device\Harddisk0\DR0\Partition1 - ok
18:07:26.0428 12044 ============================================================
18:07:26.0428 12044 Scan finished
18:07:26.0428 12044 ============================================================
18:07:26.0442 5056 Detected object count: 5
18:07:26.0442 5056 Actual detected object count: 5
18:09:12.0945 5056 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0945 5056 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0945 5056 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0945 5056 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0945 5056 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0945 5056 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:13.0023 5056 \Device\Harddisk0\DR0\# - copied to quarantine
18:09:13.0039 5056 \Device\Harddisk0\DR0 - copied to quarantine
18:09:13.0101 5056 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:09:21.0510 5056 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:09:25.0706 5056 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:09:29.0793 5056 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:09:33.0865 5056 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:09:33.0881 5056 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:09:33.0881 5056 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:09:33.0881 5056 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:09:37.0968 5056 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:09:42.0086 5056 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:09:42.0102 5056 \Device\Harddisk0\DR0 - ok
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:09:50.0651 9092 Deinitialize success
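
A triage helper for the scan log posted above, as an added example that is not part of the original post or of the scanner itself: it pairs each detection with the action the user selected, so objects that were detected but skipped stand out. The line layout is inferred from this log only, the sample lines are copied from it, and the function names are hypothetical.

```python
import re

# Lines copied from the log in the post above (timestamp, thread id, message).
SAMPLE_LOG = r"""
18:07:26.0269 12044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:07:26.0269 12044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:07:26.0368 12044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:07:26.0368 12044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:09:12.0945 5056 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0945 5056 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:13.0101 5056 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:09:42.0102 5056 \Device\Harddisk0\DR0 - ok
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:09:42.0102 5056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<object> ( <verdict> ) - <event>"; the spaces inside the parentheses
# distinguish a verdict from an offset or counter such as "(0x1B8)" or "(0)".
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<event>.+)$")
QUARANTINE = re.compile(r"^(?P<obj>.+) - copied to quarantine$")
ACTION = "User select action: "
SEVERITIES = {"infected", "warning"}  # only the levels seen in this log


def parse(log_text):
    """Return (detections, quarantined).

    detections maps (object, verdict) -> {"severity", "action", "outcome"},
    in order of first appearance; quarantined lists the copied objects.
    """
    detections = {}
    quarantined = []
    for raw in log_text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue  # blank line or a line without the timestamp prefix
        message = prefix.group(1)
        copied = QUARANTINE.match(message)
        if copied:
            quarantined.append(copied.group("obj"))
            continue
        hit = VERDICT.match(message)
        if not hit:
            continue  # per-driver "ok" lines, "detected ..." counters, etc.
        key = (hit.group("obj"), hit.group("verdict"))
        record = detections.setdefault(
            key, {"severity": None, "action": None, "outcome": None}
        )
        event = hit.group("event")
        if event in SEVERITIES:
            record["severity"] = event
        elif event.startswith(ACTION):
            record["action"] = event[len(ACTION):]
        else:
            record["outcome"] = event
    return detections, quarantined


def left_in_place(detections):
    """Detections where the selected action was Skip, so nothing was changed."""
    return [key for key, rec in detections.items() if rec["action"] == "Skip"]


def pending_reboot(detections):
    """Detections whose cure only takes effect after a restart."""
    return [
        key for key, rec in detections.items()
        if (rec["outcome"] or "").endswith("on reboot")
    ]


if __name__ == "__main__":
    found, copied = parse(SAMPLE_LOG)
    for (obj, verdict), rec in found.items():
        print(f"{verdict:28} {rec['severity'] or '-':9} {rec['action'] or '-':5} {obj}")
    print("left in place:", left_in_place(found))
    print("pending reboot:", pending_reboot(found))
    print("quarantined copies:", len(copied))
```
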

#9 jntkwx

Posted 15 May 2012 - 11:54 AM

pollo8507,

Yes, if you completely reformat your computer (not just a repair install), that is the only way to be certain your computer is clean. You will lose any programs and files, so will then have to reinstall all your programs.


Step 1: Rerun Malwarebytes
Please open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient!
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


In your next reply, please include:
  • Malwarebytes log
  • ESET log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 pollo8507

Posted 16 May 2012 - 06:08 PM

Hi there, the computer is running quite well, no random shutdowns since the clean up started. Here are the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

5/15/2012 8:45:53 PM
mbam-log-2012-05-15 (20-45-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381062
Time elapsed: 57 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SysWOW64\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined

#11 jntkwx

Posted 17 May 2012 - 11:07 AM

Looking good. :thumbup2:

Please post the contents of C:\Qoobox\Add-Remote Programs.txt in your next reply.
Regards,
Jason

 



#12 pollo8507

Posted 18 May 2012 - 04:46 PM

Here you go!

Accidental Damage Services Agreement
Adobe AIR
Adobe Reader X MUI
Advanced Audio FX Engine
Banctec Service Agreement
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay
Escape Whisper Valley ™
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
High-Definition Video Playback
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® WiDi
Java Auto Updater
Java™ 6 Update 27
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Premium Service Agreement
QualxServ Service Agreement
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.5
Spybot - Search & Destroy
SyncUP
TI USB 3.0 Host Controller Driver
TI USB3 Host Driver
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe

#13 jntkwx

Posted 19 May 2012 - 09:50 AM

pollo8507,

Your computer looks clean! How is it running now?

Let's take some preventative steps to ensure you don't get infected again:


Step 1: Uninstall Combofix
Hold down the Windows key and press the R key.
In the Run window, type the following bolded text and click OK:

Combofix.exe /Uninstall

Step 2: Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Step 3: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 3: Make Internet Explorer more secure:
Hold down the Windows Key, and press the R key.
In the Run Dialog box, type: inetcpl.cpl & click OK
Click on the Security tab,
Click Reset all zones to default level
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Step 4: Install the Latest Version of Common Software:
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting http://secunia.com/vulnerability_scanning/online/ and http://www.calendarofupdates.com/updates/calendar.html.

I recommend FileHippo's update checker that scans your computer for programs it recognizes and allows you to easily download new versions of common software: http://filehippo.com/updatechecker/UpdateChecker.exe

Step 5: Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/tutorial82.html

Please feel free to post any future computer problems in the appropriate forum. Have a great day! :)
Regards,
Jason

 



#14 pollo8507

Posted 21 May 2012 - 06:42 PM

Thanks so much for all your help! I really appreciate it:)

#15 jntkwx

Posted 21 May 2012 - 06:51 PM

You're welcome, I'm glad I could help! :thumbup2:
Regards,
Jason

 
