
Infected computer - Newsfudge Virus?


9 replies to this topic

#1 popdog


Posted 30 April 2013 - 06:42 PM

Hi

 

Some months ago my web browser started redirecting to a 'Newsfudge' website. I thought this was odd, but after a couple of days, the computer failed to load correctly. The computer would boot as normal until I got to the login screen, yet when I entered my password the computer froze on the 'Welcome' screen. Being busy, I left the computer in the desk and have been meaning to get it fixed - hence there's a delay between when this occurred and this current post.

 

It still loads in safe mode, however I can't get it functioning normally.  I run Windows 7 Home Premium.  

 

I think that's about all the info I can supply right now, obviously any help is greatly appreciated!

 

Thanks

 

popdog





#2 boopme


Posted 30 April 2013 - 07:18 PM

Hello popdog. This can be tricky to get out. You should first back up important files.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Please download TDSSKiller
  • Launch it.
  • Click on "Change parameters" - select "TDLFS file system".
  • Click on "Scan".
  • Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.




Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions
  • for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


    How is it now?


#3 popdog


Posted 03 June 2013 - 02:31 AM

Hi Boopme

 

Thanks for your response.  Sorry about the delay - things have been flat out.  I've followed your instructions and here are the logs:

 

12:47:13.0629 1920  LSI_SAS2 - ok
12:47:13.0664 1920  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:47:13.0664 1920  LSI_SCSI - ok
12:47:13.0689 1920  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:47:13.0694 1920  luafv - ok
12:47:13.0774 1920  [ 652D2AFB3E0785C7158CD71496811A58 ] mcmscsvc        C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
12:47:13.0784 1920  mcmscsvc - ok
12:47:13.0884 1920  [ 2DBD66025339C2540EFECFFBB5EB2380 ] McNASvc         C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
12:47:13.0944 1920  McNASvc - ok
12:47:13.0964 1920  McODS - ok
12:47:13.0984 1920  [ 447FA93BB3E0AD783B1AD39B60C843E8 ] McProxy         C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
12:47:13.0989 1920  McProxy - ok
12:47:14.0019 1920  [ 86275173C8145FEB39EA1148738F236A ] McShield        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
12:47:14.0024 1920  McShield - ok
12:47:14.0049 1920  [ A6DFA048299D05BDDB08FC59FFE090F6 ] McSysmon        C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
12:47:14.0064 1920  McSysmon - ok
12:47:14.0089 1920  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:47:14.0089 1920  Mcx2Svc - ok
12:47:14.0129 1920  [ A3B8F49446F15931E46380151E73221F ] mdmxsdk         C:\Windows\system32\DRIVERS\ACFSDK64.sys
12:47:14.0129 1920  mdmxsdk - ok
12:47:14.0159 1920  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:47:14.0164 1920  megasas - ok
12:47:14.0199 1920  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:47:14.0204 1920  MegaSR - ok
12:47:14.0229 1920  [ 088620DA20B98578BFC4B97043F24042 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
12:47:14.0229 1920  mfeavfk - ok
12:47:14.0244 1920  [ DD7B52227DA36F2718306C98E474B51B ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
12:47:14.0244 1920  mfebopk - ok
12:47:14.0264 1920  [ 239E677E3E9047550C18B30C26C3BA3E ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
12:47:14.0269 1920  mfehidk - ok
12:47:14.0289 1920  [ BB6BDC9029CA71D652EADC40FF78F7CB ] mferkdk         C:\Windows\system32\drivers\mferkdk.sys
12:47:14.0289 1920  mferkdk - ok
12:47:14.0309 1920  [ 1F56E31DB436287581CBE9A5C4C70E0E ] mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys
12:47:14.0309 1920  mfesmfk - ok
12:47:14.0334 1920  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:47:14.0339 1920  MMCSS - ok
12:47:14.0364 1920  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:47:14.0369 1920  Modem - ok
12:47:14.0394 1920  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:47:14.0394 1920  monitor - ok
12:47:14.0424 1920  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:47:14.0429 1920  mouclass - ok
12:47:14.0454 1920  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:47:14.0459 1920  mouhid - ok
12:47:14.0474 1920  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:47:14.0474 1920  mountmgr - ok
12:47:14.0539 1920  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:47:14.0539 1920  MozillaMaintenance - ok
12:47:14.0559 1920  [ AE2E68527013EB4F761ECCC630F7F1A3 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
12:47:14.0564 1920  MPFP - ok
12:47:14.0624 1920  [ DDF8E1BA0C7502BC02FB5F904D049E52 ] MpfService      C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
12:47:14.0649 1920  MpfService - ok
12:47:14.0674 1920  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
12:47:14.0679 1920  mpio - ok
12:47:14.0694 1920  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:47:14.0694 1920  mpsdrv - ok
12:47:14.0704 1920  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:47:14.0709 1920  MRxDAV - ok
12:47:14.0739 1920  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:47:14.0739 1920  mrxsmb - ok
12:47:14.0764 1920  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:47:14.0769 1920  mrxsmb10 - ok
12:47:14.0784 1920  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:47:14.0789 1920  mrxsmb20 - ok
12:47:14.0814 1920  [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
12:47:14.0814 1920  msahci - ok
12:47:14.0854 1920  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
12:47:14.0859 1920  msdsm - ok
12:47:14.0874 1920  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:47:14.0879 1920  MSDTC - ok
12:47:14.0904 1920  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:47:14.0904 1920  Msfs - ok
12:47:14.0914 1920  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:47:14.0914 1920  mshidkmdf - ok
12:47:14.0929 1920  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
12:47:14.0929 1920  msisadrv - ok
12:47:14.0959 1920  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:47:14.0959 1920  MSiSCSI - ok
12:47:14.0969 1920  msiserver - ok
12:47:15.0014 1920  [ C75E30539519B83CD041F8F057269D5C ] MSK80Service    C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
12:47:15.0019 1920  MSK80Service - ok
12:47:15.0044 1920  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:47:15.0044 1920  MSKSSRV - ok
12:47:15.0059 1920  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:47:15.0064 1920  MSPCLOCK - ok
12:47:15.0074 1920  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:47:15.0074 1920  MSPQM - ok
12:47:15.0104 1920  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:47:15.0114 1920  MsRPC - ok
12:47:15.0139 1920  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:47:15.0139 1920  mssmbios - ok
12:47:15.0159 1920  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:47:15.0159 1920  MSTEE - ok
12:47:15.0174 1920  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:47:15.0174 1920  MTConfig - ok
12:47:15.0199 1920  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:47:15.0199 1920  Mup - ok
12:47:15.0239 1920  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
12:47:15.0249 1920  napagent - ok
12:47:15.0279 1920  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:47:15.0284 1920  NativeWifiP - ok
12:47:15.0329 1920  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:47:15.0354 1920  NDIS - ok
12:47:15.0379 1920  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:15.0379 1920  NdisCap - ok
12:47:15.0404 1920  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:15.0404 1920  NdisTapi - ok
12:47:15.0429 1920  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:15.0429 1920  Ndisuio - ok
12:47:15.0444 1920  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:15.0449 1920  NdisWan - ok
12:47:15.0469 1920  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:47:15.0474 1920  NDProxy - ok
12:47:15.0539 1920  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:47:15.0544 1920  Net Driver HPZ12 - ok
12:47:15.0559 1920  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:47:15.0559 1920  NetBIOS - ok
12:47:15.0574 1920  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:47:15.0579 1920  NetBT - ok
12:47:15.0609 1920  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
12:47:15.0609 1920  Netlogon - ok
12:47:15.0654 1920  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:47:15.0659 1920  Netman - ok
12:47:15.0694 1920  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:47:15.0694 1920  NetMsmqActivator - ok
12:47:15.0699 1920  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:47:15.0704 1920  NetPipeActivator - ok
12:47:15.0734 1920  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:47:15.0749 1920  netprofm - ok
12:47:15.0754 1920  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:47:15.0754 1920  NetTcpActivator - ok
12:47:15.0764 1920  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:47:15.0764 1920  NetTcpPortSharing - ok
12:47:15.0919 1920  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
12:47:16.0044 1920  netw5v64 - ok
12:47:16.0079 1920  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:16.0079 1920  nfrd960 - ok
12:47:16.0104 1920  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:47:16.0109 1920  NlaSvc - ok
12:47:16.0124 1920  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:47:16.0129 1920  Npfs - ok
12:47:16.0144 1920  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:47:16.0149 1920  nsi - ok
12:47:16.0159 1920  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:47:16.0159 1920  nsiproxy - ok
12:47:16.0239 1920  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:47:16.0289 1920  Ntfs - ok
12:47:16.0304 1920  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:47:16.0304 1920  Null - ok
12:47:16.0349 1920  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:47:16.0354 1920  nvraid - ok
12:47:16.0389 1920  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:47:16.0394 1920  nvstor - ok
12:47:16.0419 1920  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
12:47:16.0424 1920  nv_agp - ok
12:47:16.0444 1920  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:47:16.0444 1920  ohci1394 - ok
12:47:16.0514 1920  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:16.0519 1920  ose - ok
12:47:16.0679 1920  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:47:16.0789 1920  osppsvc - ok
12:47:16.0829 1920  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:47:16.0839 1920  p2pimsvc - ok
12:47:16.0864 1920  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:47:16.0874 1920  p2psvc - ok
12:47:16.0899 1920  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:47:16.0904 1920  Parport - ok
12:47:16.0929 1920  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:47:16.0929 1920  partmgr - ok
12:47:16.0949 1920  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:47:16.0954 1920  PcaSvc - ok
12:47:16.0969 1920  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
12:47:16.0969 1920  pci - ok
12:47:17.0004 1920  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
12:47:17.0004 1920  pciide - ok
12:47:17.0039 1920  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:17.0044 1920  pcmcia - ok
12:47:17.0079 1920  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:47:17.0079 1920  pcw - ok
12:47:17.0109 1920  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:47:17.0124 1920  PEAUTH - ok
12:47:17.0189 1920  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:47:17.0229 1920  PerfHost - ok
12:47:17.0279 1920  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
12:47:17.0314 1920  pla - ok
12:47:17.0364 1920  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:47:17.0379 1920  PlugPlay - ok
12:47:17.0454 1920  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:47:17.0454 1920  Pml Driver HPZ12 - ok
12:47:17.0479 1920  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:47:17.0484 1920  PNRPAutoReg - ok
12:47:17.0504 1920  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:47:17.0509 1920  PNRPsvc - ok
12:47:17.0539 1920  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:47:17.0554 1920  PolicyAgent - ok
12:47:17.0584 1920  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:47:17.0589 1920  Power - ok
12:47:17.0619 1920  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:47:17.0624 1920  PptpMiniport - ok
12:47:17.0644 1920  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:47:17.0644 1920  Processor - ok
12:47:17.0684 1920  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
12:47:17.0689 1920  ProfSvc - ok
12:47:17.0704 1920  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:17.0709 1920  ProtectedStorage - ok
12:47:17.0734 1920  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:47:17.0739 1920  Psched - ok
12:47:17.0784 1920  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:47:17.0819 1920  ql2300 - ok
12:47:17.0849 1920  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:17.0849 1920  ql40xx - ok
12:47:17.0869 1920  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:47:17.0874 1920  QWAVE - ok
12:47:17.0889 1920  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:47:17.0889 1920  QWAVEdrv - ok
12:47:17.0909 1920  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:47:17.0909 1920  RasAcd - ok
12:47:17.0924 1920  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:17.0924 1920  RasAgileVpn - ok
12:47:17.0944 1920  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:47:17.0944 1920  RasAuto - ok
12:47:17.0969 1920  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:17.0974 1920  Rasl2tp - ok
12:47:17.0989 1920  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
12:47:18.0004 1920  RasMan - ok
12:47:18.0019 1920  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:18.0019 1920  RasPppoe - ok
12:47:18.0034 1920  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:47:18.0034 1920  RasSstp - ok
12:47:18.0054 1920  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:47:18.0059 1920  rdbss - ok
12:47:18.0064 1920  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:18.0064 1920  rdpbus - ok
12:47:18.0079 1920  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:18.0084 1920  RDPCDD - ok
12:47:18.0109 1920  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:47:18.0109 1920  RDPENCDD - ok
12:47:18.0124 1920  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:47:18.0124 1920  RDPREFMP - ok
12:47:18.0164 1920  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:47:18.0164 1920  RDPWD - ok
12:47:18.0184 1920  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:47:18.0189 1920  rdyboost - ok
12:47:18.0224 1920  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:47:18.0224 1920  RemoteAccess - ok
12:47:18.0234 1920  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:47:18.0239 1920  RemoteRegistry - ok
12:47:18.0289 1920  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:47:18.0294 1920  RFCOMM - ok
12:47:18.0309 1920  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:47:18.0314 1920  RpcEptMapper - ok
12:47:18.0339 1920  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:47:18.0339 1920  RpcLocator - ok
12:47:18.0374 1920  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
12:47:18.0379 1920  RpcSs - ok
12:47:18.0404 1920  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:47:18.0404 1920  rspndr - ok
12:47:18.0444 1920  [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:47:18.0449 1920  RSUSBSTOR - ok
12:47:18.0484 1920  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:47:18.0489 1920  RTL8167 - ok
12:47:18.0494 1920  RtsUIR - ok
12:47:18.0504 1920  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
12:47:18.0504 1920  SamSs - ok
12:47:18.0529 1920  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
12:47:18.0534 1920  sbp2port - ok
12:47:18.0559 1920  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:47:18.0564 1920  SCardSvr - ok
12:47:18.0579 1920  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:47:18.0579 1920  scfilter - ok
12:47:18.0634 1920  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
12:47:18.0669 1920  Schedule - ok
12:47:18.0724 1920  SCManager - ok
12:47:18.0749 1920  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:47:18.0749 1920  SCPolicySvc - ok
12:47:18.0769 1920  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:47:18.0774 1920  SDRSVC - ok
12:47:18.0794 1920  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:47:18.0799 1920  secdrv - ok
12:47:18.0814 1920  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
12:47:18.0814 1920  seclogon - ok
12:47:18.0834 1920  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:47:18.0839 1920  SENS - ok
12:47:18.0849 1920  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:47:18.0854 1920  SensrSvc - ok
12:47:18.0874 1920  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:47:18.0874 1920  Serenum - ok
12:47:18.0899 1920  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:47:18.0899 1920  Serial - ok
12:47:18.0924 1920  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:47:18.0929 1920  sermouse - ok
12:47:18.0944 1920  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
12:47:18.0949 1920  SessionEnv - ok
12:47:18.0969 1920  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:47:18.0974 1920  sffdisk - ok
12:47:18.0989 1920  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:47:18.0989 1920  sffp_mmc - ok
12:47:18.0999 1920  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:47:18.0999 1920  sffp_sd - ok
12:47:19.0029 1920  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:19.0029 1920  sfloppy - ok
12:47:19.0089 1920  [ E1974A92AC0914A3859359A0A8C82C68 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:47:19.0114 1920  SftService - ok
12:47:19.0139 1920  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:19.0154 1920  ShellHWDetection - ok
12:47:19.0184 1920  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:19.0184 1920  SiSRaid2 - ok
12:47:19.0209 1920  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:19.0214 1920  SiSRaid4 - ok
12:47:19.0244 1920  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:47:19.0244 1920  Smb - ok
12:47:19.0284 1920  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:47:19.0284 1920  SNMPTRAP - ok
12:47:19.0299 1920  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:47:19.0299 1920  spldr - ok
12:47:19.0349 1920  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
12:47:19.0359 1920  Spooler - ok
12:47:19.0449 1920  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:47:19.0529 1920  sppsvc - ok
12:47:19.0549 1920  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:47:19.0554 1920  sppuinotify - ok
12:47:19.0584 1920  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:47:19.0589 1920  sprtsvc_DellSupportCenter - ok
12:47:19.0624 1920  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:47:19.0639 1920  srv - ok
12:47:19.0664 1920  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:47:19.0679 1920  srv2 - ok
12:47:19.0709 1920  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:47:19.0709 1920  srvnet - ok
12:47:19.0739 1920  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:47:19.0744 1920  SSDPSRV - ok
12:47:19.0754 1920  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:47:19.0759 1920  SstpSvc - ok
12:47:19.0789 1920  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:47:19.0789 1920  stexstor - ok
12:47:19.0829 1920  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
12:47:19.0854 1920  stisvc - ok
12:47:19.0874 1920  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:47:19.0874 1920  swenum - ok
12:47:19.0904 1920  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:47:19.0929 1920  swprv - ok
12:47:19.0964 1920  [ 0C74C9CBF970FBBF9FA059F5D9CDB7B5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:47:19.0969 1920  SynTP - ok
12:47:20.0014 1920  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
12:47:20.0059 1920  SysMain - ok
12:47:20.0079 1920  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:20.0084 1920  TabletInputService - ok
12:47:20.0104 1920  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:47:20.0119 1920  TapiSrv - ok
12:47:20.0134 1920  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:47:20.0134 1920  TBS - ok
12:47:20.0204 1920  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:47:20.0219 1920  Tcpip - ok
12:47:20.0279 1920  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:47:20.0294 1920  TCPIP6 - ok
12:47:20.0319 1920  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:47:20.0324 1920  tcpipreg - ok
12:47:20.0349 1920  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:47:20.0349 1920  TDPIPE - ok
12:47:20.0379 1920  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:47:20.0379 1920  TDTCP - ok
12:47:20.0399 1920  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:47:20.0404 1920  tdx - ok
12:47:20.0414 1920  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:47:20.0414 1920  TermDD - ok
12:47:20.0449 1920  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
12:47:20.0479 1920  TermService - ok
12:47:20.0494 1920  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:47:20.0494 1920  Themes - ok
12:47:20.0509 1920  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:47:20.0509 1920  THREADORDER - ok
12:47:20.0529 1920  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:47:20.0534 1920  TrkWks - ok
12:47:20.0579 1920  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:47:20.0584 1920  TrustedInstaller - ok
12:47:20.0599 1920  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:20.0604 1920  tssecsrv - ok
12:47:20.0629 1920  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:47:20.0634 1920  tunnel - ok
12:47:20.0654 1920  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:47:20.0654 1920  uagp35 - ok
12:47:20.0689 1920  [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:47:20.0694 1920  udfs - ok
12:47:20.0714 1920  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:47:20.0719 1920  UI0Detect - ok
12:47:20.0734 1920  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
12:47:20.0739 1920  uliagpkx - ok
12:47:23.0449 1920  ================ Scan global ===============================
12:47:23.0479 1920  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:47:23.0499 1920  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:23.0514 1920  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:47:23.0549 1920  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:47:23.0574 1920  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:47:23.0579 1920  [Global] - ok
12:47:23.0579 1920  ================ Scan MBR ==================================
12:47:23.0594 1920  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:47:23.0919 1920  \Device\Harddisk0\DR0 - ok
12:47:23.0919 1920  ================ Scan VBR ==================================
12:47:23.0949 1920  [ 8F005D6A9C114BCFEF50B55305030E2A ] \Device\Harddisk0\DR0\Partition1
12:47:23.0954 1920  \Device\Harddisk0\DR0\Partition1 - ok
12:47:23.0959 1920  [ 411AE70954A966A19C5438DF4993B8F6 ] \Device\Harddisk0\DR0\Partition2
12:47:23.0959 1920  \Device\Harddisk0\DR0\Partition2 - ok
12:47:23.0979 1920  [ 6C6A4A8CBF52FEBB26F943168F976563 ] \Device\Harddisk0\DR0\Partition3
12:47:23.0984 1920  \Device\Harddisk0\DR0\Partition3 - ok
12:47:23.0984 1920  ============================================================
12:47:23.0984 1920  Scan finished
12:47:23.0984 1920  ============================================================
12:47:23.0999 1956  Detected object count: 0
12:47:23.0999 1956  Actual detected object count: 0
12:47:55.0064 1608  Deinitialize success
 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.02.05

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
slaney :: SLANEY-PC [administrator]

3/06/2013 7:09:04 PM
mbam-log-2013-06-03 (19-09-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 458082
Time elapsed: 49 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ababy (IPH.Trojan.Zbot.REPS) -> Data: C:\Users\slaney\AppData\Roaming\Uxlim\quba.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|aposrs (Trojan.Agent) -> Data: rundll32.exe "C:\Users\slaney\AppData\Roaming\aposrs.dll",EndSession -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSECVA (Trojan.Agent) -> Data: C:\Users\slaney\AppData\Roaming\xsecva\xsecva.exe -s -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|semgin (Trojan.RedirRdll2.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\slaney\AppData\Roaming\semgin.dll",CreateCompressedAnimationSet -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\WinDefender (Rogue.WinDefender) -> Quarantined and deleted successfully.

Files Detected: 19
C:\Users\slaney\AppData\Roaming\Uxlim\quba.exe (IPH.Trojan.Zbot.REPS) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Roaming\aposrs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DOVEKFF\calc[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DOVEKFF\load_49[1].exe (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\Temp\1jfuweif.exe (Trojan.LockScreen) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\Temp\acrobat.dll (Trojan.Phex.THAGen2) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\Temp\wpbt0.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\Local\{ef5404db-763c-b09a-372c-323f5878fea9}\n (Rootkit.0Access) -> Delete on reboot.
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\64f527a9-3d0083eb (Trojan.Phex.THAGen2) -> Quarantined and deleted successfully.
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2e06c8b9-3a72f081 (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WinDefender\wdfender.exe (Rogue.WinDefender) -> Quarantined and deleted successfully.

(end)
 

 

 

 

 

 

 

 

 

 

C:\Documents and Settings\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APCAHQUL\1[1].class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Documents and Settings\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQCUEWCX\ix86d[1]    a variant of Win32/Kryptik.AIWI trojan    
C:\Documents and Settings\slaney\AppData\Local\Temp\1.class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Documents and Settings\slaney\AppData\Local\Temp\eoeapvqf.dll    a variant of Win32/Kryptik.AIWI trojan    
C:\Documents and Settings\slaney\AppData\Local\Temp\V.class    a variant of Java/Exploit.CVE-2011-3544.BQ trojan    
C:\Documents and Settings\slaney\AppData\Local\{2649F492-CF49-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    
C:\Documents and Settings\slaney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\APCAHQUL\1[1].class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Documents and Settings\slaney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQCUEWCX\ix86d[1]    a variant of Win32/Kryptik.AIWI trojan    
C:\Documents and Settings\slaney\Local Settings\Temp\1.class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Documents and Settings\slaney\Local Settings\Temp\eoeapvqf.dll    a variant of Win32/Kryptik.AIWI trojan    
C:\Documents and Settings\slaney\Local Settings\Temp\V.class    a variant of Java/Exploit.CVE-2011-3544.BQ trojan    
C:\Documents and Settings\slaney\Local Settings\{2649F492-CF49-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    
C:\Users\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APCAHQUL\1[1].class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Users\slaney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQCUEWCX\ix86d[1]    a variant of Win32/Kryptik.AIWI trojan    
C:\Users\slaney\AppData\Local\Temp\1.class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Users\slaney\AppData\Local\Temp\eoeapvqf.dll    a variant of Win32/Kryptik.AIWI trojan    
C:\Users\slaney\AppData\Local\Temp\V.class    a variant of Java/Exploit.CVE-2011-3544.BQ trojan    
C:\Users\slaney\AppData\Local\{2649F492-CF49-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-7767a9e9    a variant of Java/Agent.DT trojan    
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-24916072    a variant of Java/Exploit.CVE-2010-4452.B trojan    
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\b39ceb0-567f4650    probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan    
C:\Users\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\44dc2e06-14c72b80    a variant of Java/Agent.DT trojan    
C:\Users\slaney\AppData\Roaming\semgin.dll    a variant of Win32/Medfos.AR trojan    
C:\Users\slaney\AppData\Roaming\Mozilla\Firefox\Profiles\myzn38ea.default\user.js    JS/SecurityDisabler.A.Gen application    
C:\Users\slaney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\APCAHQUL\1[1].class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Users\slaney\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQCUEWCX\ix86d[1]    a variant of Win32/Kryptik.AIWI trojan    
C:\Users\slaney\Local Settings\Temp\1.class    a variant of Java/TrojanDownloader.Agent.AH trojan    
C:\Users\slaney\Local Settings\Temp\eoeapvqf.dll    a variant of Win32/Kryptik.AIWI trojan    
C:\Users\slaney\Local Settings\Temp\V.class    a variant of Java/Exploit.CVE-2011-3544.BQ trojan    
C:\Users\slaney\Local Settings\{2649F492-CF49-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    
C:\Documents and Settings\slaney\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\APCAHQUL\1[1].class    a variant of Java/TrojanDownloader.Agent.AH trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQCUEWCX\ix86d[1]    a variant of Win32/Kryptik.AIWI trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Local\Application Data\Temp\1.class    a variant of Java/TrojanDownloader.Agent.AH trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Local\Application Data\Temp\eoeapvqf.dll    a variant of Win32/Kryptik.AIWI trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Local\Application Data\Temp\V.class    a variant of Java/Exploit.CVE-2011-3544.BQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Local\Application Data\{2649F492-CF49-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    JS/Redirector.NIQ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-7767a9e9    a variant of Java/Agent.DT trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\fe48b4f-24916072    a variant of Java/Exploit.CVE-2010-4452.B trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\b39ceb0-567f4650    probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\44dc2e06-14c72b80    a variant of Java/Agent.DT trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Roaming\semgin.dll    a variant of Win32/Medfos.AR trojan    cleaned by deleting - quarantined
C:\Documents and Settings\slaney\AppData\Roaming\Mozilla\Firefox\Profiles\myzn38ea.default\user.js    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\00000004.@    Win64/Conedex.C trojan    cleaned by deleting - quarantined
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\80000000.@    Win64/Sirefef.AE trojan    cleaned by deleting - quarantined
C:\Windows\Installer\{ef5404db-763c-b09a-372c-323f5878fea9}\U\80000064.@    Win64/Sirefef.AN trojan    cleaned by deleting - quarantined

 

 

 

 

Let me know what your thoughts are and thanks again for your help. 

 

popdog.
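The Malwarebytes log in the post above lists four HKCU Run values, two of which load a DLL from AppData\Roaming through rundll32. As an added example (not part of the original thread and not Malwarebytes code), this Python parser extracts such autorun entries from a pasted log and flags the ones whose real payload sits in a user-writable location. The line shape is inferred from the log above, and the `ExampleUpdater` entry and the list of user-writable roots are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# First four entries: the "Registry Values Detected" lines from the MBAM log in
# this thread. Last entry: CONSTRUCTED for contrast, not from the thread.
SAMPLE_LOG = r'''
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ababy (IPH.Trojan.Zbot.REPS) -> Data: C:\Users\slaney\AppData\Roaming\Uxlim\quba.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|aposrs (Trojan.Agent) -> Data: rundll32.exe "C:\Users\slaney\AppData\Roaming\aposrs.dll",EndSession -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSECVA (Trojan.Agent) -> Data: C:\Users\slaney\AppData\Roaming\xsecva\xsecva.exe -s -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|semgin (Trojan.RedirRdll2.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\slaney\AppData\Roaming\semgin.dll",CreateCompressedAnimationSet -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ExampleUpdater (PUP.Constructed) -> Data: "C:\Program Files\Example\updater.exe" /background -> No action taken.
'''

# Line shape inferred from the log: KEY|VALUE (DETECTION) -> Data: CMD -> ACTION
LINE_RE = re.compile(
    r'^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<name>.+?) \((?P<detection>[^()]+)\)'
    r' -> Data: (?P<data>.+?) -> (?P<action>[^>]+)$')

EXT = r'\.(?:exe|dll|com|scr|bat|cmd)'
# A path is quoted, or unquoted and ending in an executable extension (a
# drive-letter path may contain spaces), or failing that the first token.
PATH_RE = re.compile(
    r'\s*(?:"([^"]+)"|((?:[a-z]:\\.+?|[^\s"]+?)' + EXT + r')(?=[\s,]|$)|(\S+))(.*)$',
    re.I)

# Assumption: locations a standard user can write to on a default Windows 7 install.
USER_WRITABLE_RE = re.compile(
    r'^(?:[a-z]:\\(?:users|documents and settings|programdata)\\'
    r'|%(?:appdata|localappdata|temp|tmp|userprofile)%)', re.I)


class Autorun(NamedTuple):
    key: str
    name: str
    detection: str
    image: str              # program Windows starts at logon
    payload: str            # file that actually carries the code
    export: Optional[str]   # DLL export handed to rundll32, if any
    user_writable: bool     # payload lives where no admin rights are needed


def split_first_path(cmd: str):
    """Return (first path in a command line, remainder of the command line)."""
    m = PATH_RE.match(cmd)
    if not m:
        return '', ''
    return m.group(1) or m.group(2) or m.group(3), m.group(4)


def parse_line(line: str) -> Optional[Autorun]:
    """Parse one 'Registry Values Detected' line; None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image, rest = split_first_path(m['data'])
    payload, export = image, None
    # rundll32 is only a proxy: the code that runs is the DLL in its argument.
    if ntpath.basename(image).lower() in ('rundll32.exe', 'rundll32'):
        dll, tail = split_first_path(rest)
        if dll:
            payload = dll
            export = tail.strip().lstrip(',').split(' ')[0] or None
    return Autorun(m['key'], m['name'], m['detection'], image, payload, export,
                   bool(USER_WRITABLE_RE.match(payload)))


def parse_log(text: str) -> List[Autorun]:
    return [a for a in map(parse_line, text.splitlines()) if a is not None]


if __name__ == '__main__':
    for a in parse_log(SAMPLE_LOG):
        flag = 'REVIEW' if a.user_writable else 'ok    '
        via = ' via rundll32 export ' + a.export if a.export else ''
        print(f'{flag} {a.name:<15} {a.payload}{via}')
```

Judging the entry by the payload rather than the launcher is what keeps the two rundll32 entries from looking like a signed Windows binary in System32.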



#4 boopme

Posted 03 June 2013 - 02:59 PM

Hello, some ugly stuff that steals personal info.
 

Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit.

Infection
The Trojan.Zbot files that are used to compromise computers are generated using a toolkit that is available in marketplaces for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.

The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link, if it is not protected.... Symantec

 
 
If you do banking on here, you need to call your bank and tell them you had an info-stealing infection so they can watch your accounts.
 
Now change your passwords on here.



Empty your temp folders using TFC (Temporary File Cleaner)

◾Please download TFC by Old Timer and save it to your desktop.

◾Save any unsaved work. (TFC will close ALL open programs including your browser!)
◾Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
◾Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
◾Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.



Open MBAM again and select More Tools, then select and run Antirootkit.


Finally run... Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


Edited by boopme, 03 June 2013 - 03:01 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 popdog

Posted 03 June 2013 - 03:35 PM

Thanks boopme

 

Scary stuff.  Here is the first log, I'll post the others as they complete. 

 

 

TFC:

 

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: slaney
->Temp folder emptied: 405822875 bytes
->Temporary Internet Files folder emptied: 61671087 bytes
->Java cache emptied: 2747157 bytes
->FireFox cache emptied: 71640395 bytes
->Flash cache emptied: 37619 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 741366 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532062367 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 141431439 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69812 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 14316426190 bytes
Process complete!
 
Total Files Cleaned = 14,813.00 mb

 

 



#6 popdog

Posted 03 June 2013 - 04:24 PM

I tried the MBAM Anti-Rootkit but it froze on the screen "scanning physical sectors of unpartitioned space on drive 0".



#7 popdog

Posted 03 June 2013 - 04:32 PM

I ran the adw cleaner; when the computer restarted it booted normally for the first time - so clearly it's working better.  (It used to boot only in safe mode).

 

 

# AdwCleaner v2.301 - Logfile created 06/04/2013 at 19:29:11
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : slaney - SLANEY-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\slaney\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Search Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-GB)

File : C:\Users\slaney\AppData\Roaming\Mozilla\Firefox\Profiles\myzn38ea.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1324 octets] - [04/06/2013 19:29:11]

########## EOF - C:\AdwCleaner[S1].txt - [1384 octets] ##########
 

 

 

 

How does this leave me?  Thanks again for your help!



#8 boopme

Posted 04 June 2013 - 10:03 AM

Let's try aswMBR instead....
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#9 popdog

Posted 04 June 2013 - 05:52 PM

Is it safe to use the computer as normal or should I wait until we've cleaned it before resuming normal use?

 

Just ran aswMBR - here's the log. 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-05 08:22:15
-----------------------------
08:22:15.222    OS Version: Windows x64 6.1.7600
08:22:15.222    Number of processors: 2 586 0x170A
08:22:15.224    ComputerName: SLANEY-PC  UserName: slaney
08:22:16.166    Initialize success
08:26:10.667    AVAST engine defs: 13060401
08:30:54.837    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:30:54.837    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
08:30:54.946    Disk 0 MBR read successfully
08:30:54.962    Disk 0 MBR scan
08:30:54.962    Disk 0 Windows 7 default MBR code
08:30:54.977    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
08:30:55.008    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 206848
08:30:55.040    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS        60000 MB offset 20686848
08:30:55.071    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       235143 MB offset 143566848
08:30:55.118    Disk 0 scanning C:\Windows\system32\drivers
08:31:43.755    Service scanning
08:32:41.605    Modules scanning
08:32:41.605    Disk 0 trace - called modules:
08:32:41.652    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:32:41.667    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057012d0]
08:32:41.667    3 CLASSPNP.SYS[fffff880010ad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471b050]
08:32:43.258    AVAST engine scan C:\Windows
08:32:48.594    AVAST engine scan C:\Windows\system32
08:38:47.642    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
08:38:52.026    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
08:41:57.644    AVAST engine scan C:\Windows\system32\drivers
08:42:34.978    AVAST engine scan C:\Users\slaney
08:45:11.577    AVAST engine scan C:\ProgramData
08:47:59.591    Scan finished successfully
08:49:44.033    Disk 0 MBR has been saved successfully to "C:\Users\slaney\Desktop\MBR.dat"
08:49:44.033    The log file has been saved successfully to "C:\Users\slaney\Desktop\aswMBR.txt"

 



#10 boopme

Posted 04 June 2013 - 07:41 PM

You can use it, but DO NOT bank or put a credit card order through here until cleaned. You still have a persistent infection.
We need stronger tools. Start a new topic named "Win32:Sirefef-PL [Rtk]".

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.