
McAfee & Windows firewalls won't run, Win7-64


  • This topic is locked
28 replies to this topic

#1 Steven_stumped

Steven_stumped

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 17 August 2012 - 01:11 AM

(Edited for conciseness)
Fast "Dell XPS" workstation running 64-bit Windows
+
Up to date McAfee left running with FIREWALL OFF
===> periodic slowness + CANNOT ENABLE Firewall

ERROR (tried starting "McAfee Personal Firewall")=
"Error 1075: The dependency service does not exist or has been marked for deletion."
Service Status: Stopped
Service dependencies
1. McAfee Firewall Core Service [Service Status: Started/dithered out start/stop buttons]
2. Remote Procedure Call (RPC) [Service Status: Started/dithered out start/start buttons]

REFERENCE (no errors except attempting to start service="McAfee Personal Firewall"):
other McAfee services (status/dependencies)...
1. McAfee Firewall Core Service "mfefire.exe" has dithered out start/stop buttons
Service Status: Started
Dependency=McAfee Validation Trust Protection Service

2. Remote Procedure Call (RPC)
Service Status: Started
Dependency=DCOM Server Process Launcher; RPC Endpoint Mapper

McAfee McShield service "mcshield.exe" also dithered out start/stop buttons (apparently started) also with service dependency on McAfee Validation Trust Protection Service

McAfee Network Agent appears to be fine (can be stopped and restarted). Dependent services McAfee Firewall Core Service + Remote Procedure Call (RPC).

McAfee OOBE Service "McSvHost.exe" is disabled with no dependencies.

McAfee Proxy Services is running and can be stopped or restarted.
McAfee Scanner service is stopped and can be started.
McAfee Services runs and can be stopped/restarted.

The following scans found nothing:
1. McAfee scan
2. stinger
3. Malwarebytes

LATEST: Ran DDS and posted log here.

I'd surely welcome advice on how to proceed in getting my firewall to run. Thank you! -Steven


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Home at 0:14:34 on 2012-08-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9818 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\LockStatusTray.exe
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sierra\Planner\Plnrnote.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622132603.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [LockStatusTray] C:\Windows\LockStatusTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Sierra\Planner\Plnrnote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photogize.com/bponet/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{BBD65BFC-B8C2-4A56-9B3A-3D7791076228} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622132603.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [LockStatusTray] C:\Windows\LockStatusTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\vwwt461r.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-6-23 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-6-23 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-6-23 162192]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-23 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 249936]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-31 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PaceDDNT;Paceart Windows NT/2000 Device Driver;C:\Program Files (x86)\Common Files\Paceart Shared\PaceDDNT.sys [2011-9-25 220956]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SQTECH913D;913D Camera;C:\Windows\system32\Drivers\Capt913D.sys --> C:\Windows\system32\Drivers\Capt913D.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 249936]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
.
=============== Created Last 30 ================
.
2012-08-16 04:32:24 -------- d-----w- C:\Users\Home\AppData\Roaming\Malwarebytes
2012-08-16 04:32:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-15 05:12:37 16200 ----a-w- C:\Windows\stinger.sys
2012-08-15 05:10:23 -------- d-----w- C:\Program Files (x86)\stinger
2012-08-14 03:13:56 -------- d-----w- C:\Users\Home\AppData\Local\Macromedia
2012-08-14 03:09:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 03:09:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-13 05:39:52 -------- d-----w- C:\Users\Home\AppData\Roaming\McAfee
2012-07-25 11:06:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-22 03:26:43 41280 ----a-w- C:\Windows\System32\drivers\Capt913D.sys
2012-07-22 03:26:43 39744 ----a-w- C:\Windows\System32\drivers\Camd913D.sys
2012-07-22 03:26:39 -------- d-----w- C:\Program Files (x86)\913D Camera
.
==================== Find3M ====================
.
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 0:15:45.85 ===============

Attached Files

  • Attached File  DDS.txt   22.7KB   1 downloads

Edited by Steven_stumped, 17 August 2012 - 11:13 PM.
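
One way to find which declared dependency is behind "Error 1075", as an added example that is not part of the original posts. The service key name `McMPFSvc` is taken from the DDS log above; the function name is hypothetical, and the script assumes a pending deletion shows up as a `DeleteFlag` value of 1 under the dependency's service key.

```powershell
# Added example, not part of the thread. Assumption: 'McMPFSvc' is the key name of
# "McAfee Personal Firewall Service" as listed in the DDS SERVICES / DRIVERS section.
param([string]$ServiceName = 'McMPFSvc')

$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$StartTypes   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Hypothetical helper: emits one row per dependency declared by the named service.
function Get-ServiceDependencyReport {
    param([Parameter(Mandatory = $true)][string]$Name)

    $key = Join-Path $ServicesRoot $Name
    if (-not (Test-Path -LiteralPath $key)) {
        throw "No service key named '$Name' under $ServicesRoot"
    }

    # DependOnService is a REG_MULTI_SZ value; it is absent when nothing is declared.
    $declared = @((Get-ItemProperty -LiteralPath $key).DependOnService) | Where-Object { $_ }

    foreach ($dep in $declared) {
        $depKey  = Join-Path $ServicesRoot $dep
        $exists  = Test-Path -LiteralPath $depKey
        $start   = 'n/a'
        $state   = 'n/a'
        $deleted = $false

        if ($exists) {
            $props = Get-ItemProperty -LiteralPath $depKey
            if ($null -ne $props.Start) { $start = $StartTypes[[int]$props.Start] }
            # Assumption: a service queued for removal carries DeleteFlag = 1.
            $deleted = ($props.DeleteFlag -eq 1)
            $svc = Get-Service -Name $dep -ErrorAction SilentlyContinue
            if ($svc) { $state = $svc.Status.ToString() }
        }

        # The first two verdicts correspond to the wording of error 1075:
        # "does not exist" and "has been marked for deletion".
        if (-not $exists)            { $verdict = 'MISSING' }
        elseif ($deleted)            { $verdict = 'MARKED FOR DELETION' }
        elseif ($start -eq 'Disabled') { $verdict = 'DISABLED' }
        else                         { $verdict = 'OK' }

        New-Object PSObject -Property @{
            Service    = $Name
            Dependency = $dep
            StartType  = $start
            State      = $state
            Verdict    = $verdict
        } | Select-Object Service, Dependency, StartType, State, Verdict
    }
}

Get-ServiceDependencyReport -Name $ServiceName | Format-Table -AutoSize
```

Any row whose verdict is not `OK` names a dependency to compare against the service list in the DDS log.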




#2 Steven_stumped


Posted 17 August 2012 - 07:51 PM

Two thoughts:
1. Did I fail to post enough to "go on" in moving this forward? (15 views but no replies)
2. Why don't you all take money for this service? Surely you deserve it in offering such a nice service and the demand (based upon the many postings per hour here) is crazy high.

#3 Steven_stumped


Posted 17 August 2012 - 09:34 PM

Edited post. 65 views with no replies....

Thank you all for taking a look at this! (I hope the rewrite will be faster/clearer to read.)

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 PM

Posted 22 August 2012 - 01:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465528 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Steven_stumped


Posted 23 August 2012 - 12:01 AM

PROBLEM DESCRIPTION: Simply unable to turn on McAfee firewall, and noted already that some McAfee services have no start/stop button available. I perceive extra network traffic and sluggishness at times in an otherwise fast Dell XPS computer.

DDS log attached

I have restore media in form of 2 Dell Datasafe CDs I created labeled "System Recovery Media-Dell Studio XPS 9000" and also 1 Repair Disc-Dell Studio XPS 9000. Also, Dell claims to have recovery media on a boot partition accessible via F8 upon rebooting.

I apologize I don't have anything more descriptive to go on (like an error message or results of an AV check). Thank you very much for looking at this!
-Steven

Attached Files



#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 AM

Posted 24 August 2012 - 08:38 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failing that, we will have your thread closed in THREE (3) days. :)


Hello there, Steven_stumped

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

We apologize for the delayed response. It seems like you have an infection that could cause the firewall to turn off. I'll see what I can do here.

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 Conspire

  • Malware Response Team
Posted 24 August 2012 - 08:38 AM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#8 Steven_stumped

Posted 25 August 2012 - 12:53 AM

Thanks so much for looking at this with me, conspiracy. Have a great weekend! -Steven

Posting:
1. aswMBR.txt
2. MBR.zip (attachment)
3. TDSSKiller.2.8.8.0_25.08.2012_00.18.45_log.txt

1. aswMBR.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 22:38:03
-----------------------------
22:38:03.051 OS Version: Windows x64 6.1.7601 Service Pack 1
22:38:03.051 Number of processors: 8 586 0x1A05
22:38:03.052 ComputerName: WINDOWS7 UserName: Home
22:40:06.235 Initialize success
22:40:14.625 AVAST engine defs: 12082402
22:41:25.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:41:25.136 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
22:41:25.139 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:41:25.142 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
22:41:25.230 Disk 0 MBR read successfully
22:41:25.234 Disk 0 MBR scan
22:41:25.240 Disk 0 Windows VISTA default MBR code
22:41:25.246 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:41:25.303 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
22:41:25.334 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1419616 MB offset 22900736
22:41:25.429 Disk 0 scanning C:\Windows\system32\drivers
22:42:21.211 Service scanning
22:44:16.927 Modules scanning
22:44:16.934 Disk 0 trace - called modules:
22:44:16.966 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:44:16.972 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adfe790]
22:44:16.978 3 CLASSPNP.SYS[fffff88001bad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab42050]
22:46:27.754 AVAST engine scan C:\Windows
22:47:28.560 AVAST engine scan C:\Windows\system32
22:52:29.042 AVAST engine scan C:\Windows\system32\drivers
22:52:49.921 AVAST engine scan C:\Users\Home
22:56:48.041 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\antivirus logs\MBR.dat"
22:56:48.049 The log file has been saved successfully to "C:\Users\Home\Desktop\antivirus logs\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 22:59:50
-----------------------------
22:59:50.457 OS Version: Windows x64 6.1.7601 Service Pack 1
22:59:50.457 Number of processors: 8 586 0x1A05
22:59:50.458 ComputerName: WINDOWS7 UserName: Home
22:59:52.928 Initialize success
22:59:57.466 AVAST engine defs: 12082402
23:00:09.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:00:09.541 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
23:00:09.544 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:00:09.547 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
23:00:09.582 Disk 0 MBR read successfully
23:00:09.586 Disk 0 MBR scan
23:00:09.591 Disk 0 Windows VISTA default MBR code
23:00:09.595 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:00:09.604 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
23:00:09.618 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1419616 MB offset 22900736
23:00:09.638 Disk 0 scanning C:\Windows\system32\drivers
23:00:24.429 Service scanning
23:00:51.747 Modules scanning
23:00:51.764 Disk 0 trace - called modules:
23:00:51.789 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:00:51.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adfe790]
23:00:51.797 3 CLASSPNP.SYS[fffff88001bad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab42050]
23:00:55.885 AVAST engine scan C:\Windows
23:01:00.869 AVAST engine scan C:\Windows\system32
23:05:35.576 AVAST engine scan C:\Windows\system32\drivers
23:06:01.413 AVAST engine scan C:\Users\Home
23:25:16.381 AVAST engine scan C:\ProgramData
23:31:44.113 Scan finished successfully
00:02:44.280 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\antivirus logs\MBR.dat"
00:02:44.296 The log file has been saved successfully to "C:\Users\Home\Desktop\antivirus logs\aswMBR.txt"

3. TDSSKiller.2.8.8.0_25.08.2012_00.18.45_log.txt
00:18:45.0400 4504 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:18:45.0727 4504 ============================================================
00:18:45.0727 4504 Current date / time: 2012/08/25 00:18:45.0727
00:18:45.0727 4504 SystemInfo:
00:18:45.0727 4504
00:18:45.0727 4504 OS Version: 6.1.7601 ServicePack: 1.0
00:18:45.0727 4504 Product type: Workstation
00:18:45.0727 4504 ComputerName: WINDOWS7
00:18:45.0727 4504 UserName: Home
00:18:45.0727 4504 Windows directory: C:\Windows
00:18:45.0727 4504 System windows directory: C:\Windows
00:18:45.0727 4504 Running under WOW64
00:18:45.0727 4504 Processor architecture: Intel x64
00:18:45.0727 4504 Number of processors: 8
00:18:45.0727 4504 Page size: 0x1000
00:18:45.0727 4504 Boot type: Normal boot
00:18:45.0727 4504 ============================================================
00:18:46.0429 4504 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:46.0445 4504 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:46.0445 4504 ============================================================
00:18:46.0445 4504 \Device\Harddisk0\DR0:
00:18:46.0445 4504 MBR partitions:
00:18:46.0445 4504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
00:18:46.0445 4504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0xAD4B0000
00:18:46.0445 4504 \Device\Harddisk1\DR1:
00:18:46.0445 4504 MBR partitions:
00:18:46.0445 4504 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
00:18:46.0445 4504 ============================================================
00:18:46.0476 4504 C: <-> \Device\Harddisk0\DR0\Partition2
00:18:46.0507 4504 D: <-> \Device\Harddisk1\DR1\Partition1
00:18:46.0507 4504 ============================================================
00:18:46.0507 4504 Initialize success
00:18:46.0507 4504 ============================================================
00:19:04.0369 0740 ============================================================
00:19:04.0369 0740 Scan started
00:19:04.0369 0740 Mode: Manual;
00:19:04.0369 0740 ============================================================
00:19:05.0212 0740 ================ Scan system memory ========================
00:19:05.0212 0740 System memory - ok
00:19:05.0212 0740 ================ Scan services =============================
00:19:13.0636 0740 mfefire - ok
00:19:13.0651 0740 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
00:19:13.0667 0740 mfefirek - ok
00:19:13.0682 0740 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
00:19:13.0682 0740 mfehidk - ok
00:19:13.0698 0740 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
00:19:13.0698 0740 mfenlfk - ok
00:19:13.0714 0740 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
00:19:13.0714 0740 mferkdet - ok
00:19:13.0776 0740 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
00:19:13.0776 0740 mfevtp - ok
00:19:13.0823 0740 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
00:19:13.0823 0740 mfewfpk - ok
00:19:13.0854 0740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:19:13.0854 0740 MMCSS - ok
00:19:13.0854 0740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:19:13.0870 0740 Modem - ok
00:19:13.0885 0740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:19:13.0885 0740 monitor - ok
00:19:13.0963 0740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:19:13.0963 0740 mouclass - ok
00:19:13.0979 0740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:19:13.0979 0740 mouhid - ok
00:19:14.0041 0740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:19:14.0041 0740 mountmgr - ok
00:19:14.0135 0740 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:19:14.0182 0740 MozillaMaintenance - ok
00:19:14.0228 0740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:19:14.0228 0740 mpio - ok
00:19:14.0244 0740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:19:14.0260 0740 mpsdrv - ok
00:19:14.0306 0740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:19:14.0306 0740 MRxDAV - ok
00:19:14.0369 0740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:19:14.0369 0740 mrxsmb - ok
00:19:14.0416 0740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:19:14.0416 0740 mrxsmb10 - ok
00:19:14.0431 0740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:19:14.0431 0740 mrxsmb20 - ok
00:19:14.0447 0740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:19:14.0447 0740 msahci - ok
00:19:14.0462 0740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:19:14.0462 0740 msdsm - ok
00:19:14.0478 0740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:19:14.0494 0740 MSDTC - ok
00:19:14.0509 0740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:19:14.0509 0740 Msfs - ok
00:19:14.0509 0740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:19:14.0509 0740 mshidkmdf - ok
00:19:14.0525 0740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:19:14.0525 0740 msisadrv - ok
00:19:14.0556 0740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:19:14.0572 0740 MSiSCSI - ok
00:19:14.0572 0740 MSIServer - ok
00:19:14.0603 0740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:19:14.0603 0740 MSKSSRV - ok
00:19:14.0618 0740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:19:14.0618 0740 MSPCLOCK - ok
00:19:14.0634 0740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:19:14.0634 0740 MSPQM - ok
00:19:14.0712 0740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:19:14.0728 0740 MsRPC - ok
00:19:14.0743 0740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:19:14.0743 0740 mssmbios - ok
00:19:14.0821 0740 MSSQLSERVER - ok
00:19:14.0977 0740 [ 04EF36EAF5C4DBCE424D81B76F1E9231 ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
00:19:15.0040 0740 MSSQLServerADHelper100 - ok
00:19:15.0071 0740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:19:15.0071 0740 MSTEE - ok
00:19:15.0086 0740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:19:15.0086 0740 MTConfig - ok
00:19:15.0102 0740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:19:15.0118 0740 Mup - ok
00:19:15.0180 0740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:19:15.0180 0740 napagent - ok
00:19:15.0227 0740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:19:15.0227 0740 NativeWifiP - ok
00:19:15.0258 0740 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:19:15.0274 0740 NDIS - ok
00:19:15.0274 0740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:19:15.0274 0740 NdisCap - ok
00:19:15.0305 0740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:19:15.0305 0740 NdisTapi - ok
00:19:15.0367 0740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:19:15.0367 0740 Ndisuio - ok
00:19:15.0430 0740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:19:15.0445 0740 NdisWan - ok
00:19:15.0492 0740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:19:15.0492 0740 NDProxy - ok
00:19:15.0554 0740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:19:15.0554 0740 NetBIOS - ok
00:19:15.0617 0740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:19:15.0617 0740 NetBT - ok
00:19:15.0648 0740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:19:15.0648 0740 Netlogon - ok
00:19:15.0679 0740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:19:15.0679 0740 Netman - ok
00:19:15.0757 0740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:19:15.0804 0740 NetMsmqActivator - ok
00:19:15.0804 0740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:19:15.0804 0740 NetPipeActivator - ok
00:19:15.0851 0740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:19:15.0851 0740 netprofm - ok
00:19:15.0866 0740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:19:15.0866 0740 NetTcpActivator - ok
00:19:15.0866 0740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:19:15.0866 0740 NetTcpPortSharing - ok
00:19:15.0882 0740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:19:15.0898 0740 nfrd960 - ok
00:19:15.0944 0740 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:19:15.0960 0740 NlaSvc - ok
00:19:15.0960 0740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:19:15.0960 0740 Npfs - ok
00:19:15.0976 0740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:19:15.0976 0740 nsi - ok
00:19:15.0991 0740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:19:15.0991 0740 nsiproxy - ok
00:19:16.0069 0740 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:19:16.0100 0740 Ntfs - ok
00:19:16.0116 0740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:19:16.0116 0740 Null - ok
00:19:16.0147 0740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:19:16.0147 0740 nvraid - ok
00:19:16.0210 0740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:19:16.0210 0740 nvstor - ok
00:19:16.0272 0740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:19:16.0272 0740 nv_agp - ok
00:19:16.0334 0740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:19:16.0334 0740 ohci1394 - ok
00:19:16.0397 0740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:19:16.0459 0740 ose - ok
00:19:16.0662 0740 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:19:16.0756 0740 osppsvc - ok
00:19:16.0849 0740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:19:16.0849 0740 p2pimsvc - ok
00:19:16.0880 0740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:19:16.0896 0740 p2psvc - ok
00:19:17.0021 0740 [ 234FD0D9A5246DF17E942AD848BA6750 ] PaceDDNT C:\Program Files (x86)\Common Files\Paceart Shared\PaceDDNT.sys
00:19:17.0021 0740 PaceDDNT - ok
00:19:17.0052 0740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:19:17.0052 0740 Parport - ok
00:19:17.0114 0740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:19:17.0114 0740 partmgr - ok
00:19:17.0177 0740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:19:17.0177 0740 PcaSvc - ok
00:19:17.0239 0740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:19:17.0239 0740 pci - ok
00:19:17.0255 0740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:19:17.0255 0740 pciide - ok
00:19:17.0270 0740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:19:17.0270 0740 pcmcia - ok
00:19:17.0270 0740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:19:17.0270 0740 pcw - ok
00:19:17.0302 0740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:19:17.0302 0740 PEAUTH - ok
00:19:17.0333 0740 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:19:17.0348 0740 PeerDistSvc - ok
00:19:17.0411 0740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:19:17.0411 0740 PerfHost - ok
00:19:17.0504 0740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:19:17.0504 0740 pla - ok
00:19:17.0582 0740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:19:17.0598 0740 PlugPlay - ok
00:19:17.0598 0740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:19:17.0614 0740 PNRPAutoReg - ok
00:19:17.0629 0740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:19:17.0629 0740 PNRPsvc - ok
00:19:17.0645 0740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:19:17.0645 0740 PolicyAgent - ok
00:19:17.0660 0740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:19:17.0660 0740 Power - ok
00:19:17.0738 0740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:19:17.0738 0740 PptpMiniport - ok
00:19:17.0754 0740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:19:17.0754 0740 Processor - ok
00:19:17.0785 0740 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
00:19:17.0785 0740 ProfSvc - ok
00:19:17.0801 0740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:19:17.0801 0740 ProtectedStorage - ok
00:19:17.0848 0740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:19:17.0848 0740 Psched - ok
00:19:17.0863 0740 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:19:17.0879 0740 PxHlpa64 - ok
00:19:17.0926 0740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:19:17.0926 0740 ql2300 - ok
00:19:17.0941 0740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:19:17.0957 0740 ql40xx - ok
00:19:17.0957 0740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:19:17.0972 0740 QWAVE - ok
00:19:17.0972 0740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:19:17.0972 0740 QWAVEdrv - ok
00:19:17.0988 0740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:19:17.0988 0740 RasAcd - ok
00:19:18.0035 0740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:19:18.0035 0740 RasAgileVpn - ok
00:19:18.0050 0740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:19:18.0066 0740 RasAuto - ok
00:19:18.0066 0740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:19:18.0066 0740 Rasl2tp - ok
00:19:18.0097 0740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:19:18.0144 0740 RasMan - ok
00:19:18.0175 0740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:19:18.0175 0740 RasPppoe - ok
00:19:18.0238 0740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:19:18.0238 0740 RasSstp - ok
00:19:18.0284 0740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:19:18.0284 0740 rdbss - ok
00:19:18.0300 0740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:19:18.0300 0740 rdpbus - ok
00:19:18.0300 0740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:19:18.0300 0740 RDPCDD - ok
00:19:18.0378 0740 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:19:18.0378 0740 RDPDR - ok
00:19:18.0394 0740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:19:18.0394 0740 RDPENCDD - ok
00:19:18.0409 0740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:19:18.0409 0740 RDPREFMP - ok
00:19:18.0456 0740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:19:18.0456 0740 RDPWD - ok
00:19:18.0518 0740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:19:18.0518 0740 rdyboost - ok
00:19:18.0534 0740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:19:18.0550 0740 RemoteAccess - ok
00:19:18.0565 0740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:19:18.0565 0740 RemoteRegistry - ok
00:19:18.0628 0740 [ E0BEF062C8950B698E3D79DF432AD250 ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
00:19:18.0690 0740 RoxLiveShare10 - ok
00:19:18.0721 0740 [ 8475CEF8C9C7DE0918C61235ED06606A ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
00:19:18.0799 0740 RoxMediaDB10 - ok
00:19:18.0924 0740 [ FF578453D3B3ADAAB22D7151D7F9E592 ] RoxMediaDB12 C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
00:19:18.0924 0740 RoxMediaDB12 - ok
00:19:18.0940 0740 [ 5AB029B4CF15E5FD7BBA73694856C477 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
00:19:19.0002 0740 RoxWatch10 - ok
00:19:19.0065 0740 [ 71B38B8DF1A9B55FC0FB64958CC7B9DD ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
00:19:19.0127 0740 RoxWatch12 - ok
00:19:19.0158 0740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:19:19.0174 0740 RpcEptMapper - ok
00:19:19.0236 0740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:19:19.0236 0740 RpcLocator - ok
00:19:19.0314 0740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:19:19.0314 0740 RpcSs - ok
00:19:19.0377 0740 [ C606C5F712A3761896CEFFA4AF6B1268 ] RsFx0151 C:\Windows\system32\DRIVERS\RsFx0151.sys
00:19:19.0377 0740 RsFx0151 - ok
00:19:19.0392 0740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:19:19.0392 0740 rspndr - ok
00:19:19.0423 0740 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
00:19:19.0423 0740 RSUSBSTOR - ok
00:19:19.0439 0740 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:19:19.0439 0740 RTL8167 - ok
00:19:19.0501 0740 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:19:19.0501 0740 s3cap - ok
00:19:19.0548 0740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:19:19.0548 0740 SamSs - ok
00:19:19.0564 0740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:19:19.0564 0740 sbp2port - ok
00:19:19.0579 0740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:19:19.0579 0740 SCardSvr - ok
00:19:19.0642 0740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:19:19.0642 0740 scfilter - ok
00:19:19.0704 0740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:19:19.0720 0740 Schedule - ok
00:19:19.0782 0740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:19:19.0782 0740 SCPolicySvc - ok
00:19:19.0829 0740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:19:19.0876 0740 SDRSVC - ok
00:19:19.0907 0740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:19:19.0907 0740 secdrv - ok
00:19:19.0969 0740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:19:20.0001 0740 seclogon - ok
00:19:20.0110 0740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:19:20.0110 0740 SENS - ok
00:19:20.0125 0740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:19:20.0125 0740 SensrSvc - ok
00:19:20.0157 0740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:19:20.0157 0740 Serenum - ok
00:19:20.0188 0740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:19:20.0188 0740 Serial - ok
00:19:20.0235 0740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:19:20.0235 0740 sermouse - ok
00:19:20.0297 0740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:19:20.0344 0740 SessionEnv - ok
00:19:20.0406 0740 SessionLauncher - ok
00:19:20.0422 0740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:19:20.0422 0740 sffdisk - ok
00:19:20.0422 0740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:19:20.0422 0740 sffp_mmc - ok
00:19:20.0437 0740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:19:20.0437 0740 sffp_sd - ok
00:19:20.0453 0740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:19:20.0453 0740 sfloppy - ok
00:19:20.0531 0740 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
00:19:20.0547 0740 SftService - ok
00:19:20.0625 0740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:19:20.0625 0740 ShellHWDetection - ok
00:19:20.0640 0740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:19:20.0640 0740 SiSRaid2 - ok
00:19:20.0671 0740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:19:20.0671 0740 SiSRaid4 - ok
00:19:20.0703 0740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:19:20.0703 0740 Smb - ok
00:19:20.0749 0740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:19:20.0765 0740 SNMPTRAP - ok
00:19:20.0765 0740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:19:20.0765 0740 spldr - ok
00:19:20.0781 0740 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
00:19:20.0796 0740 Spooler - ok
00:19:20.0905 0740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:19:20.0983 0740 sppsvc - ok
00:19:20.0999 0740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:19:20.0999 0740 sppuinotify - ok
00:19:21.0030 0740 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
00:19:21.0030 0740 sprtsvc_DellSupportCenter - ok
00:19:21.0155 0740 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:19:21.0217 0740 SQLBrowser - ok
00:19:21.0280 0740 [ 3420E0482AD95120B471B7328A8D7D08 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
00:19:21.0342 0740 SQLSERVERAGENT - ok
00:19:21.0420 0740 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:19:21.0467 0740 SQLWriter - ok
00:19:21.0514 0740 [ 4A94298361542BECCC186A9ECEC5DF4C ] SQTECH913D C:\Windows\system32\Drivers\Capt913D.sys
00:19:21.0514 0740 SQTECH913D - ok
00:19:21.0576 0740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:19:21.0576 0740 srv - ok
00:19:21.0639 0740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:19:21.0639 0740 srv2 - ok
00:19:21.0654 0740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:19:21.0654 0740 srvnet - ok
00:19:21.0685 0740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:19:21.0701 0740 SSDPSRV - ok
00:19:21.0701 0740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:19:21.0701 0740 SstpSvc - ok
00:19:21.0732 0740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:19:21.0732 0740 stexstor - ok
00:19:21.0795 0740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:19:21.0841 0740 stisvc - ok
00:19:21.0873 0740 [ 5889618EEBD7D2FF13C30D73FCFF8CD0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
00:19:21.0919 0740 stllssvr - ok
00:19:21.0966 0740 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:19:21.0966 0740 storflt - ok
00:19:21.0982 0740 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
00:19:21.0982 0740 StorSvc - ok
00:19:21.0997 0740 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:19:21.0997 0740 storvsc - ok
00:19:22.0013 0740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:19:22.0013 0740 swenum - ok
00:19:22.0029 0740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:19:22.0044 0740 swprv - ok
00:19:22.0122 0740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:19:22.0153 0740 SysMain - ok
00:19:22.0216 0740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:19:22.0247 0740 TabletInputService - ok
00:19:22.0309 0740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:19:22.0341 0740 TapiSrv - ok
00:19:22.0372 0740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:19:22.0372 0740 TBS - ok
00:19:22.0450 0740 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:19:22.0481 0740 Tcpip - ok
00:19:22.0528 0740 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:19:22.0528 0740 TCPIP6 - ok
00:19:22.0590 0740 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:19:22.0590 0740 tcpipreg - ok
00:19:22.0606 0740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:19:22.0606 0740 TDPIPE - ok
00:19:22.0668 0740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:19:22.0668 0740 TDTCP - ok
00:19:22.0684 0740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:19:22.0684 0740 tdx - ok
00:19:22.0699 0740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:19:22.0699 0740 TermDD - ok
00:19:22.0731 0740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:19:22.0731 0740 TermService - ok
00:19:22.0746 0740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:19:22.0762 0740 Themes - ok
00:19:22.0777 0740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:19:22.0777 0740 THREADORDER - ok
00:19:22.0777 0740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:19:22.0793 0740 TrkWks - ok
00:19:22.0824 0740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:19:22.0871 0740 TrustedInstaller - ok
00:19:22.0918 0740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:19:22.0918 0740 tssecsrv - ok
00:19:22.0949 0740 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:19:22.0949 0740 TsUsbFlt - ok
00:19:23.0027 0740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:19:23.0027 0740 tunnel - ok
00:19:23.0089 0740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:19:23.0089 0740 uagp35 - ok
00:19:23.0121 0740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:19:23.0121 0740 udfs - ok
00:19:23.0152 0740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:19:23.0167 0740 UI0Detect - ok
00:19:23.0183 0740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:19:23.0183 0740 uliagpkx - ok
00:19:23.0183 0740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:19:23.0183 0740 umbus - ok
00:19:23.0214 0740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:19:23.0214 0740 UmPass - ok
00:19:23.0230 0740 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:19:23.0230 0740 UmRdpService - ok
00:19:23.0261 0740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:19:23.0261 0740 upnphost - ok
00:19:23.0308 0740 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:19:23.0308 0740 USBAAPL64 - ok
00:19:23.0386 0740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:19:23.0386 0740 usbccgp - ok
00:19:23.0495 0740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:19:23.0495 0740 usbcir - ok
00:19:23.0542 0740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:19:26.0896 0740 ============================================================
00:19:26.0896 0740 Scan finished
00:19:26.0896 0740 ============================================================
00:19:26.0911 7656 Detected object count: 0
00:19:26.0911 7656 Actual detected object count: 0

Attached Files

  • Attached File  MBR.zip   571bytes   0 downloads


#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 AM

Posted 25 August 2012 - 04:18 AM

Hello,

You're welcome. Have a great weekend too. :)

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#10 Steven_stumped

Steven_stumped
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 26 August 2012 - 09:34 AM

Conspire,

ComboFix.txt is posted below. It persisted in saying McAfee was enabled despite McAfee Security Center 11.0 displaying "Real Time Scanning"=OFF.

Thanks for looking at this!
-Steven

Attached Files



#11 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 AM

Posted 26 August 2012 - 10:27 AM

Hi Steven,

As long as CF can run unhindered then it should be OK. Not finding much in the CF log though, since this is the 3rd run. Have to dig deeper before exploring other causes.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#12 Steven_stumped

Steven_stumped
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 26 August 2012 - 10:43 PM

Conspire,
I've positive news to report and an additional log from a previous ComboFix run. (I'll follow through on your latest recommendation but wanted to respond immediately to your mention it was the 3rd run where the log wasn't so interesting).

POSITIVE NEWS: McAfee Firewall is now on
PREVIOUS COMBOFIX RUN: See attached log and explanation below
-Steven

...MORE
1st Time I ran ComboFix:
Series of errors complaining "Cannot find NIRKMD" before and after each series of 50==>Accidentally closed CMD Prompt after about 3 of 50. No apparent harm. I forgot to check for a log.

2nd Time running ComboFix:
Attaching Log "ComboFix_1st attempt.txt". I intended to uninstall it by typing "ComboFix /Uninstall" but it ran anyway, completed, and I'm attaching that log in this post. Based upon http://www.bleepingcomputer.com/forums/topic401248.html I was following reasonable-sounding steps to address the "Cannot find NIRMD" error, which that post attributed to McAfee probably compromising it. I ran the uninstall which subsequently seemed to complete the normal run and created a log, then I deleted the executable and downloaded it again, finally running it in safe mode successfully and posting that log in my previous reply. Could that first completed run have fixed something (explaining why my firewall now works)?

Attached Files



#13 Steven_stumped

Steven_stumped
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 26 August 2012 - 11:10 PM

FRST.txt attached

Attached Files

  • Attached File  FRST.txt   33.26KB   1 downloads


#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 AM

Posted 26 August 2012 - 11:13 PM

Hi,

Thanks for the detailed explanation. It could have been other causes which happened coincidentally. Based on the first log, they don't seem to be the ones that disabled the firewall.

Do you have any other symptoms left to be addressed, such as redirects, etc.?

#15 Steven_stumped

Steven_stumped
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 27 August 2012 - 12:38 AM

Hi Conspire,

The only other "symptom" I find is a McAfee Security Report showing 841 risky connections blocked. It successfully blocked everything it deemed to be risky. Is that a large number for running less than a day?

Do you think I may not have a virus after all, and what would you advise as my next step? (e.g. If McAfee is blocking "risky connections" is that a sign that something is still operating in the background, and if so, does the firewall neutralize the threat so that I don't need to keep on looking for it?)
-Steven



