SMART HDD Cannot Be Removed


  • This topic is locked
17 replies to this topic

#1 nbneil

Posted 12 July 2012 - 08:50 PM

I have been trying for the last two days to remove the SMART HDD virus from my wife's computer. I followed the instructions in the following thread:

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

Rkill would not terminate any processes and we followed these instructions to try and manually taskkill via PID, but it did not seem to work either.



The DDS.txt log is as follows. I would appreciate any assistance in removing this malware without the need to reformat the hard drive. Thank you so much in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Beth at 21:32:59 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.3160 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C636AF6-91D6-42F0-A4E4-5AE8AEED22D2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9D2AACF9-FED0-40E5-8956-302ACBD17F1F} : DhcpNameServer = 10.136.68.68 10.136.68.86
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\2rxnghrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|https://owa.dm.duke.edu/CookieAuth.dll?GetLogon?curl=Z2Fowa&reason=0&formdir=1|http://www.ncbi.nlm.nih.gov/pubmed/|https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-7-10 103472]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-1-6 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-1-6 180968]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-1-6 66896]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-6 1692480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-12 02:59:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 02:59:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 19:41:01 -------- d-----w- C:\QUARANTINE
2012-07-11 19:33:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 12:58:23 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1E15218-20E1-4DA4-9FBC-F22881FC24CF}\mpengine.dll
2012-07-05 18:38:15 -------- d-----w- C:\Program Files (x86)\Geospiza
2012-06-26 17:44:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 17:44:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-26 13:27:52 -------- d--h--w- C:\Users\Beth\AppData\Local\Diagnostics
2012-06-24 18:59:29 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 18:59:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 18:58:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-24 18:58:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-14 13:02:17 -------- d--h--w- C:\Users\Beth\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-06-25 13:49:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 13:49:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 21:33:32.07 ===============



#2 m0le


Posted 17 July 2012 - 08:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 nbneil


Posted 17 July 2012 - 08:54 PM

m0le, I really appreciate your help. I've tried the standard suggestions and in this case, I'm stumped. This is by far the most frustrating malware I've had to deal with. I look forward to working with you.

#4 m0le


Posted 18 July 2012 - 02:01 PM

I'm not sure what you've tried using the guide but let me know if you already have results for anything we are using here.

Please boot into safe mode (no networking) and run the following programs

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

And

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 m0le


Posted 20 July 2012 - 08:05 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 m0le


Posted 21 July 2012 - 07:30 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#7 m0le


Posted 23 July 2012 - 02:15 PM

This topic has been re-opened at the request of the person who originally posted.

#8 nbneil


Posted 23 July 2012 - 08:20 PM

It looks as if nothing was detected by either, but the problem persists. When the computer starts up, tens of windows pop up and the SMART tool appears. The logs from the scans are below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 21:24:48
-----------------------------
21:24:48.668 OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:48.668 Number of processors: 2 586 0x170A
21:24:48.668 ComputerName: BETH-PC UserName: Beth
21:24:49.448 Initialize success
21:25:20.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:25:20.883 Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
21:25:20.914 Disk 0 MBR read successfully
21:25:20.914 Disk 0 MBR scan
21:25:20.914 Disk 0 Windows 7 default MBR code
21:25:20.914 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:25:20.929 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:25:20.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
21:25:20.961 Disk 0 scanning C:\Windows\system32\drivers
21:25:29.759 Service scanning
21:25:45.780 Modules scanning
21:25:45.780 Disk 0 trace - called modules:
21:25:45.811 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:25:45.811 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004530410]
21:25:45.827 3 CLASSPNP.SYS[fffff88001a7f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800405c050]
21:25:45.827 Scan finished successfully
21:26:03.642 Disk 0 MBR has been saved successfully to "C:\Users\Beth\Desktop\MBR.dat"
21:26:03.642 The log file has been saved successfully to "C:\Users\Beth\Desktop\aswMBR.txt"

21:32:43.0003 0768 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:32:43.0237 0768 ============================================================
21:32:43.0237 0768 Current date / time: 2012/07/22 21:32:43.0237
21:32:43.0237 0768 SystemInfo:
21:32:43.0237 0768
21:32:43.0237 0768 OS Version: 6.1.7601 ServicePack: 1.0
21:32:43.0237 0768 Product type: Workstation
21:32:43.0237 0768 ComputerName: BETH-PC
21:32:43.0237 0768 UserName: Beth
21:32:43.0237 0768 Windows directory: C:\Windows
21:32:43.0237 0768 System windows directory: C:\Windows
21:32:43.0237 0768 Running under WOW64
21:32:43.0237 0768 Processor architecture: Intel x64
21:32:43.0237 0768 Number of processors: 2
21:32:43.0237 0768 Page size: 0x1000
21:32:43.0237 0768 Boot type: Safe boot
21:32:43.0237 0768 ============================================================
21:32:43.0767 0768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:32:43.0767 0768 Drive \Device\Harddisk1\DR2 - Size: 0x3C3F1000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:32:43.0767 0768 ============================================================
21:32:43.0767 0768 \Device\Harddisk0\DR0:
21:32:43.0767 0768 MBR partitions:
21:32:43.0767 0768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:32:43.0767 0768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
21:32:43.0767 0768 \Device\Harddisk1\DR2:
21:32:43.0767 0768 MBR partitions:
21:32:43.0767 0768 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E1F49
21:32:43.0767 0768 ============================================================
21:32:43.0783 0768 C: <-> \Device\Harddisk0\DR0\Partition1
21:32:43.0783 0768 ============================================================
21:32:43.0783 0768 Initialize success
21:32:43.0783 0768 ============================================================
21:32:45.0437 1148 ============================================================
21:32:45.0437 1148 Scan started
21:32:45.0437 1148 Mode: Manual;
21:32:45.0437 1148 ============================================================
21:32:46.0653 1148 AppIDSvc - ok
21:32:46.0700 1148 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:32:46.0700 1148 Appinfo - ok
21:32:46.0841 1148 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:32:46.0841 1148 Apple Mobile Device - ok
21:32:46.0887 1148 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:32:46.0887 1148 arc - ok
21:32:46.0903 1148 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:32:46.0903 1148 arcsas - ok
21:32:46.0934 1148 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:32:46.0934 1148 AsyncMac - ok
21:32:46.0965 1148 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:32:46.0965 1148 atapi - ok
21:32:47.0028 1148 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:32:47.0059 1148 AudioEndpointBuilder - ok
21:32:47.0059 1148 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:32:47.0059 1148 AudioSrv - ok
21:32:47.0153 1148 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:32:47.0153 1148 AxInstSV - ok
21:32:47.0215 1148 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:32:47.0231 1148 b06bdrv - ok
21:32:47.0262 1148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:32:47.0277 1148 b57nd60a - ok
21:32:47.0387 1148 BBSvc (dbf43db0c648db9101d61041e00df5c4) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:32:47.0387 1148 BBSvc - ok
21:32:47.0496 1148 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:32:47.0496 1148 BCM42RLY - ok
21:32:47.0652 1148 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:32:47.0730 1148 BCM43XX - ok
21:32:47.0855 1148 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:32:47.0855 1148 BDESVC - ok
21:32:47.0933 1148 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:32:47.0933 1148 Beep - ok
21:32:48.0042 1148 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:32:48.0073 1148 BFE - ok
21:32:48.0151 1148 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:32:48.0229 1148 BITS - ok
21:32:48.0291 1148 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:32:48.0291 1148 blbdrive - ok
21:32:48.0369 1148 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:32:48.0385 1148 Bonjour Service - ok
21:32:48.0416 1148 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:32:48.0416 1148 bowser - ok
21:32:48.0447 1148 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:32:48.0447 1148 BrFiltLo - ok
21:32:48.0463 1148 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:32:48.0463 1148 BrFiltUp - ok
21:32:48.0525 1148 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:32:48.0525 1148 Browser - ok
21:32:48.0541 1148 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:32:48.0557 1148 Brserid - ok
21:32:48.0572 1148 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:32:48.0572 1148 BrSerWdm - ok
21:32:48.0588 1148 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:32:48.0588 1148 BrUsbMdm - ok
21:32:48.0603 1148 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:32:48.0603 1148 BrUsbSer - ok
21:32:48.0635 1148 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:32:48.0635 1148 BTHMODEM - ok
21:32:48.0681 1148 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:32:48.0681 1148 bthserv - ok
21:32:48.0713 1148 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:32:48.0713 1148 cdfs - ok
21:32:48.0744 1148 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:32:48.0744 1148 cdrom - ok
21:32:48.0806 1148 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:32:48.0806 1148 CertPropSvc - ok
21:32:48.0822 1148 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:32:48.0822 1148 circlass - ok
21:32:48.0869 1148 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:32:48.0884 1148 CLFS - ok
21:32:49.0025 1148 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:49.0025 1148 clr_optimization_v2.0.50727_32 - ok
21:32:49.0103 1148 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:32:49.0118 1148 clr_optimization_v2.0.50727_64 - ok
21:32:49.0243 1148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:49.0274 1148 clr_optimization_v4.0.30319_32 - ok
21:32:49.0337 1148 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:32:49.0383 1148 clr_optimization_v4.0.30319_64 - ok
21:32:49.0399 1148 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:32:49.0399 1148 CmBatt - ok
21:32:49.0430 1148 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:32:49.0430 1148 cmdide - ok
21:32:49.0477 1148 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
21:32:49.0493 1148 CNG - ok
21:32:49.0539 1148 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:32:49.0539 1148 Compbatt - ok
21:32:49.0555 1148 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:32:49.0555 1148 CompositeBus - ok
21:32:49.0571 1148 COMSysApp - ok
21:32:49.0586 1148 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:32:49.0586 1148 crcdisk - ok
21:32:49.0633 1148 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:32:49.0633 1148 CryptSvc - ok
21:32:49.0695 1148 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:32:49.0711 1148 DcomLaunch - ok
21:32:49.0758 1148 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:32:49.0758 1148 defragsvc - ok
21:32:49.0789 1148 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:32:49.0789 1148 DfsC - ok
21:32:49.0851 1148 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:32:49.0851 1148 Dhcp - ok
21:32:49.0883 1148 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:32:49.0883 1148 discache - ok
21:32:49.0898 1148 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:32:49.0898 1148 Disk - ok
21:32:49.0945 1148 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:32:49.0945 1148 Dnscache - ok
21:32:50.0054 1148 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:32:50.0054 1148 DockLoginService - ok
21:32:50.0101 1148 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:32:50.0101 1148 dot3svc - ok
21:32:50.0132 1148 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:32:50.0132 1148 DPS - ok
21:32:50.0179 1148 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:32:50.0179 1148 drmkaud - ok
21:32:50.0257 1148 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:32:50.0304 1148 DXGKrnl - ok
21:32:50.0351 1148 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:32:50.0351 1148 EapHost - ok
21:32:50.0522 1148 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:32:50.0600 1148 ebdrv - ok
21:32:50.0709 1148 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:32:50.0709 1148 EFS - ok
21:32:50.0819 1148 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:32:50.0834 1148 ehRecvr - ok
21:32:50.0865 1148 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:32:50.0865 1148 ehSched - ok
21:32:50.0928 1148 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:32:50.0943 1148 elxstor - ok
21:32:50.0959 1148 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:32:50.0959 1148 ErrDev - ok
21:32:51.0037 1148 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:32:51.0053 1148 EventSystem - ok
21:32:51.0099 1148 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:32:51.0099 1148 exfat - ok
21:32:51.0131 1148 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:32:51.0131 1148 fastfat - ok
21:32:51.0193 1148 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:32:51.0209 1148 Fax - ok
21:32:51.0255 1148 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:32:51.0255 1148 fdc - ok
21:32:51.0287 1148 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:32:51.0302 1148 fdPHost - ok
21:32:51.0318 1148 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:32:51.0318 1148 FDResPub - ok
21:32:51.0349 1148 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:32:51.0349 1148 FileInfo - ok
21:32:51.0365 1148 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:32:51.0365 1148 Filetrace - ok
21:32:51.0489 1148 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:32:51.0536 1148 FLEXnet Licensing Service - ok
21:32:51.0552 1148 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:32:51.0552 1148 flpydisk - ok
21:32:51.0614 1148 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:32:51.0614 1148 FltMgr - ok
21:32:51.0677 1148 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:32:51.0739 1148 FontCache - ok
21:32:51.0879 1148 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:32:51.0879 1148 FontCache3.0.0.0 - ok
21:32:51.0926 1148 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:32:51.0926 1148 FsDepends - ok
21:32:51.0942 1148 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:32:51.0957 1148 Fs_Rec - ok
21:32:52.0004 1148 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:32:52.0004 1148 fvevol - ok
21:32:52.0035 1148 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:32:52.0035 1148 gagp30kx - ok
21:32:52.0145 1148 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
21:32:52.0145 1148 GameConsoleService - ok
21:32:52.0176 1148 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:32:52.0176 1148 GEARAspiWDM - ok
21:32:52.0223 1148 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:32:52.0223 1148 GoToAssist - ok
21:32:52.0285 1148 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:32:52.0332 1148 gpsvc - ok
21:32:52.0363 1148 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:32:52.0363 1148 hcw85cir - ok
21:32:52.0425 1148 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:32:52.0425 1148 HdAudAddService - ok
21:32:52.0457 1148 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:32:52.0457 1148 HDAudBus - ok
21:32:52.0472 1148 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:32:52.0472 1148 HidBatt - ok
21:32:52.0488 1148 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:32:52.0488 1148 HidBth - ok
21:32:52.0519 1148 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:32:52.0519 1148 HidIr - ok
21:32:52.0550 1148 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:32:52.0550 1148 hidserv - ok
21:32:52.0581 1148 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:32:52.0581 1148 HidUsb - ok
21:32:52.0644 1148 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:32:52.0644 1148 hkmsvc - ok
21:32:52.0675 1148 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:32:52.0691 1148 HomeGroupListener - ok
21:32:52.0722 1148 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:32:52.0722 1148 HomeGroupProvider - ok
21:32:52.0753 1148 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:32:52.0753 1148 HpSAMD - ok
21:32:52.0831 1148 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:32:52.0862 1148 HTTP - ok
21:32:52.0893 1148 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:32:52.0893 1148 hwpolicy - ok
21:32:52.0925 1148 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:32:52.0925 1148 i8042prt - ok
21:32:53.0034 1148 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:32:53.0049 1148 IAANTMON - ok
21:32:53.0112 1148 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:32:53.0112 1148 iaStor - ok
21:32:53.0159 1148 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:32:53.0174 1148 iaStorV - ok
21:32:53.0283 1148 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:32:53.0315 1148 idsvc - ok
21:32:53.0736 1148 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:32:53.0876 1148 igfx - ok
21:32:54.0017 1148 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:32:54.0017 1148 iirsp - ok
21:32:54.0079 1148 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:32:54.0110 1148 IKEEXT - ok
21:32:54.0126 1148 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:32:54.0126 1148 intelide - ok
21:32:54.0141 1148 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:32:54.0141 1148 intelppm - ok
21:32:54.0188 1148 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:32:54.0188 1148 IPBusEnum - ok
21:32:54.0219 1148 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:32:54.0219 1148 IpFilterDriver - ok
21:32:54.0282 1148 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:32:54.0297 1148 iphlpsvc - ok
21:32:54.0329 1148 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:32:54.0329 1148 IPMIDRV - ok
21:32:54.0375 1148 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:32:54.0375 1148 IPNAT - ok
21:32:54.0469 1148 iPod Service (24595ec9236d7e421661a2d4ffbd901a) C:\Program Files\iPod\bin\iPodService.exe
21:32:54.0485 1148 iPod Service - ok
21:32:54.0516 1148 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:32:54.0516 1148 IRENUM - ok
21:32:54.0531 1148 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:32:54.0531 1148 isapnp - ok
21:32:54.0563 1148 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:32:54.0563 1148 iScsiPrt - ok
21:32:54.0578 1148 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:32:54.0578 1148 kbdclass - ok
21:32:54.0609 1148 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:32:54.0609 1148 kbdhid - ok
21:32:54.0641 1148 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:32:54.0641 1148 KeyIso - ok
21:32:54.0656 1148 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
21:32:54.0656 1148 KSecDD - ok
21:32:54.0687 1148 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
21:32:54.0687 1148 KSecPkg - ok
21:32:54.0719 1148 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:32:54.0719 1148 ksthunk - ok
21:32:54.0765 1148 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:32:54.0781 1148 KtmRm - ok
21:32:54.0843 1148 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:32:54.0843 1148 LanmanServer - ok
21:32:54.0890 1148 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:32:54.0890 1148 LanmanWorkstation - ok
21:32:54.0921 1148 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:32:54.0921 1148 lltdio - ok
21:32:54.0953 1148 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:32:54.0968 1148 lltdsvc - ok
21:32:54.0968 1148 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:32:54.0984 1148 lmhosts - ok
21:32:54.0999 1148 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:32:54.0999 1148 LSI_FC - ok
21:32:55.0031 1148 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:32:55.0031 1148 LSI_SAS - ok
21:32:55.0046 1148 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:32:55.0046 1148 LSI_SAS2 - ok
21:32:55.0062 1148 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:32:55.0062 1148 LSI_SCSI - ok
21:32:55.0093 1148 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:32:55.0093 1148 luafv - ok
21:32:55.0171 1148 McAfee SiteAdvisor Service (b891e3920f24ff1a3bead6cd2b42ed99) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
21:32:55.0171 1148 McAfee SiteAdvisor Service - ok
21:32:55.0202 1148 McAfeeEngineService (cec4d9c0a64993f4f82fd77a84b21944) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
21:32:55.0218 1148 McAfeeEngineService - ok
21:32:55.0265 1148 McAfeeFramework (1b963d79740b187795407cd03e2f7b4d) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
21:32:55.0265 1148 McAfeeFramework - ok
21:32:55.0296 1148 McShield (911a6416d429ee8a8804d44f2e181a31) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
21:32:55.0311 1148 McShield - ok
21:32:55.0327 1148 McTaskManager (7f743f853a32ac25cb8fad959a2f087e) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
21:32:55.0327 1148 McTaskManager - ok
21:32:55.0358 1148 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:32:55.0358 1148 Mcx2Svc - ok
21:32:55.0405 1148 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:32:55.0405 1148 megasas - ok
21:32:55.0436 1148 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:32:55.0436 1148 MegaSR - ok
21:32:55.0467 1148 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
21:32:55.0467 1148 mfeapfk - ok
21:32:55.0483 1148 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
21:32:55.0483 1148 mfeavfk - ok
21:32:55.0530 1148 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
21:32:55.0545 1148 mfehidk - ok
21:32:55.0577 1148 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
21:32:55.0577 1148 mferkdet - ok
21:32:55.0592 1148 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
21:32:55.0592 1148 mfetdik - ok
21:32:55.0608 1148 mfevtp (be9d3bf69f3958492b56dce7ea7f5fa9) C:\Windows\system32\mfevtps.exe
21:32:55.0608 1148 mfevtp - ok
21:32:55.0686 1148 Microsoft SharePoint Workspace Audit Service - ok
21:32:55.0733 1148 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:32:55.0733 1148 MMCSS - ok
21:32:55.0764 1148 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:32:55.0764 1148 Modem - ok
21:32:55.0795 1148 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:32:55.0795 1148 monitor - ok
21:32:55.0811 1148 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:32:55.0811 1148 mouclass - ok
21:32:55.0826 1148 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:32:55.0826 1148 mouhid - ok
21:32:55.0842 1148 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:32:55.0857 1148 mountmgr - ok
21:32:55.0904 1148 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:32:55.0904 1148 MozillaMaintenance - ok
21:32:55.0935 1148 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:32:55.0935 1148 mpio - ok
21:32:55.0951 1148 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:32:55.0951 1148 mpsdrv - ok
21:32:56.0013 1148 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:32:56.0045 1148 MpsSvc - ok
21:32:56.0076 1148 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:32:56.0076 1148 MRxDAV - ok
21:32:56.0123 1148 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:32:56.0123 1148 mrxsmb - ok
21:32:56.0154 1148 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:32:56.0154 1148 mrxsmb10 - ok
21:32:56.0169 1148 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:32:56.0169 1148 mrxsmb20 - ok
21:32:56.0201 1148 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:32:56.0201 1148 msahci - ok
21:32:56.0216 1148 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:32:56.0232 1148 msdsm - ok
21:32:56.0279 1148 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:32:56.0279 1148 MSDTC - ok
21:32:56.0325 1148 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:32:56.0325 1148 Msfs - ok
21:32:56.0325 1148 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:32:56.0341 1148 mshidkmdf - ok
21:32:56.0357 1148 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:32:56.0357 1148 msisadrv - ok
21:32:56.0403 1148 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:32:56.0403 1148 MSiSCSI - ok
21:32:56.0403 1148 msiserver - ok
21:32:56.0435 1148 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:32:56.0435 1148 MSKSSRV - ok
21:32:56.0450 1148 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:32:56.0450 1148 MSPCLOCK - ok
21:32:56.0481 1148 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:32:56.0481 1148 MSPQM - ok
21:32:56.0528 1148 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:32:56.0528 1148 MsRPC - ok
21:32:56.0544 1148 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:32:56.0544 1148 mssmbios - ok
21:32:56.0575 1148 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:32:56.0575 1148 MSTEE - ok
21:32:56.0591 1148 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:32:56.0591 1148 MTConfig - ok
21:32:56.0622 1148 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:32:56.0622 1148 Mup - ok
21:32:56.0669 1148 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:32:56.0700 1148 napagent - ok
21:32:56.0762 1148 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:32:56.0762 1148 NativeWifiP - ok
21:32:56.0809 1148 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:32:56.0856 1148 NDIS - ok
21:32:56.0871 1148 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:32:56.0871 1148 NdisCap - ok
21:32:56.0903 1148 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:32:56.0903 1148 NdisTapi - ok
21:32:56.0949 1148 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:32:56.0949 1148 Ndisuio - ok
21:32:56.0996 1148 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:32:56.0996 1148 NdisWan - ok
21:32:57.0027 1148 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:32:57.0027 1148 NDProxy - ok
21:32:57.0043 1148 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:32:57.0043 1148 NetBIOS - ok
21:32:57.0090 1148 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:32:57.0090 1148 NetBT - ok
21:32:57.0105 1148 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:32:57.0105 1148 Netlogon - ok
21:32:57.0168 1148 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:32:57.0183 1148 Netman - ok
21:32:57.0215 1148 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:32:57.0230 1148 netprofm - ok
21:32:57.0324 1148 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:57.0339 1148 NetTcpPortSharing - ok
21:32:57.0371 1148 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:32:57.0371 1148 nfrd960 - ok
21:32:57.0417 1148 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:32:57.0433 1148 NlaSvc - ok
21:32:57.0449 1148 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:32:57.0449 1148 Npfs - ok
21:32:57.0480 1148 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:32:57.0480 1148 nsi - ok
21:32:57.0495 1148 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:32:57.0495 1148 nsiproxy - ok
21:32:57.0573 1148 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:32:57.0636 1148 Ntfs - ok
21:32:57.0761 1148 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:32:57.0761 1148 Null - ok
21:32:57.0807 1148 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:32:57.0807 1148 nvraid - ok
21:32:57.0823 1148 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:33:10.0974 1148 ============================================================
21:33:10.0974 1148 Scan finished
21:33:10.0974 1148 ============================================================
21:33:10.0989 0856 Detected object count: 0
21:33:10.0989 0856 Actual detected object count: 0
21:33:14.0921 0864 Deinitialize success

Attached Files



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:24 AM

Posted 24 July 2012 - 04:56 PM

Run RKill and directly afterwards run Combofix, as shown below.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer.


Then Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#10 nbneil

Posted 25 July 2012 - 08:38 PM

I followed the instructions above. However, after Combofix.exe ran, I received the following error:

Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again.

I've hit "Ok" multiple times, but it will not progress.

#11 nbneil

Posted 25 July 2012 - 08:47 PM

Eventually, hitting "Ok" enough times worked.

The following attached log was produced.

Attached Files



#12 m0le

Posted 26 July 2012 - 06:37 PM

What elements of SMART HDD remain?

#13 m0le

Posted 29 July 2012 - 07:41 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#14 nbneil

Posted 29 July 2012 - 10:21 PM

It seems the SMART HDD windows no longer appear after start-up.

Here are the issues my wife has noticed remain:

Nothing in startup menu. Go to programs, cannot find Microsoft office, search Microsoft outlook and find. Now Microsoft office shows up under program folder list. Was able to add items back to startup.

Upon turning computer on, get dell dock error ~ dell dock has encountered a problem and needs to close. Send error report or don't send. Chose don't send. Dell dock only thing listed under applications running in task manager.

Touchpad not working. Ok with mouse attached. This has happened before upon startup.

When starting firefox, options to install java console, said another program was asking for permission. Ignored request.

#15 m0le

Posted 30 July 2012 - 06:37 PM

It seems the SMART HDD windows no longer appear after start-up.

Good.


Nothing in startup menu. Go to programs, cannot find Microsoft office, search Microsoft outlook and find. Now Microsoft office shows up under program folder list. Was able to add items back to startup.


These rogues mess with your startup. Download this file to restore the default startup menu.


Upon turning computer on, get dell dock error ~ dell dock has encountered a problem and needs to close. Send error report or don't send. Chose don't send. Dell dock only thing listed under applications running in task manager.


Are you using Dell Dock? If not, uninstall it from Add/Remove programs.

Touchpad not working. Ok with mouse attached. This has happened before upon startup.

This might need to be reinstalled. Do you have a Dell disk or did you make one?

When starting firefox, options to install java console, said another program was asking for permission. Ignored request.

Does it say which program is asking for permission?