
Need help removing HJT


RobD


Hello RobD,

Going forward, always use NOTEPAD to Copy ALL lines of (any & all logs) then Copy & Paste the contents into main-body of reply-box.

If you wish, use 1 reply for each log.

But please do not "attach".

Restart your system and make sure it is in normal mode Windows.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Run a new run of DDS

Copy and Paste contents of DDS.txt, & Attach.txt + the last MBAM scan log

AND

tell me, what is it that you believe is the problem? Describe the suspect malware.

Edited by Maurice Naggar

Thanks Maurice....I followed your directions and here are both logs from dds. MBAM initially found and quarantined 2 rogue.fakeHDD, 2 hijack.startmenu, and 1 hijack.displayproperties. My PC seems to be up and running now. My desktop was changed and I still do not see any programs under Windows-Start-Program Files, but looks like I just have to change properties there. ALSO I can't ENABLE MBAM Protection Module-get "PROGRAM_ERROR_PROTECTION_MODULE (1068, 0, ProtectionEnable) The dependency service or group failed to start." Thanks again for your assistance!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/4/2012 9:12:45 PM

System Uptime: 8/26/2012 10:24:13 AM (0 hours ago)

Motherboard: Dell Inc. | | 00JFW2

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 408.239 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP7: 6/19/2012 12:28:38 PM - Windows Update

RP8: 7/14/2012 2:39:17 PM - Windows Update

RP9: 7/25/2012 10:05:10 PM - Windows Backup

RP10: 7/25/2012 10:14:17 PM - Windows Update

RP11: 7/29/2012 11:25:37 PM - Windows Backup

RP12: 8/6/2012 4:07:34 PM - Windows Backup

RP13: 8/10/2012 5:59:23 PM - Installed Java 7 Update 5

RP14: 8/15/2012 2:58:46 PM - Windows Backup

==== Installed Programs ======================

Accidental Damage Services Agreement

Adobe AIR

Adobe Reader X MUI

Advanced Audio FX Engine

Banctec Service Agreement

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

Cozi

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

eBay

ERUNT 1.1j

Escape Whisper Valley

Farm Frenzy

FATE

Final Drive Fury

Final Drive Nitro

High-Definition Video Playback

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® WiDi

IP Camera

Java Auto Updater

Java 7 Update 1

Jewel Quest

Jewel Quest Solitaire 2

Junk Mail filter update

Luxor

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee SecurityCenter

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

Namco All-Stars PAC-MAN

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Premium Service Agreement

QualxServ Service Agreement

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Samantha Swift

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

SyncUP

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Wedding Dash - Ready, Aim, Love!

WildTangent Games

WildTangent Games App (Dell Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

Zuma Deluxe

==== Event Viewer Messages From Past Week ========

8/26/2012 10:26:43 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

8/26/2012 10:26:33 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

8/26/2012 10:26:33 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

8/26/2012 10:26:14 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/26/2012 10:25:09 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .

8/25/2012 7:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/25/2012 7:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/25/2012 7:12:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

8/25/2012 7:10:13 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/25/2012 7:08:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/25/2012 7:08:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/25/2012 7:08:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/25/2012 7:08:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/25/2012 7:08:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/25/2012 7:08:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

8/25/2012 7:08:13 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 7:08:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/25/2012 10:53:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSX64

Run by Rob at 10:33:03.28 on Sun 08/26/2012

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4753 [GMT -4:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\DellTPad\Apntex.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

F:\Malware\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\ScriptSn.20120709232450.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files (x86)\microsoft\bingbar\7.1.361.0\BingExt.dll"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [iAStorIcon] c:\program files (x86)\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [NUSB3MON] "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [NeroLauncher] c:\program files (x86)\nero\syncup\NeroLauncher.exe 900

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Dell DataSafe Online] c:\program files (x86)\dell\dell datasafe online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AccuWeatherWidget] "c:\program files (x86)\dell stage\dell stage\accuweather\accuweather.exe" "c:\program files (x86)\dell stage\dell stage\accuweather\start.umj" --startup

mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.4/codebase/DVM_IPCam2.ocx

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\McSnIePl.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files (x86)\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120709232450.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

mRun-x64: [igfxTray] c:\windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [intelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"

mRun-x64: [intelPAN] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PAN Tray

mRun-x64: [bTMTrayAgent] rundll32.exe "c:\program files (x86)\intel\bluetooth\btmshell.dll",TrayApp

mRun-x64: [DellStage] "c:\program files (x86)\dell stage\dell stage\stage_primary.exe" "c:\program files (x86)\dell stage\dell stage\start.umj" --startup

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-14 647208]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 289664]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-14 75936]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-9-15 1166848]

R2 BBSvc;BingBar Service;c:\program files (x86)\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\intel\bluetooth\devmonsrv.exe [2011-5-19 921664]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\intel\bluetooth\obexsrv.exe [2011-5-19 995392]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-2-1 13336]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2012-6-11 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2012-6-11 249936]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2012-6-11 249936]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-2-1 199272]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-2-1 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-2-1 162192]

R2 NOBU;Dell DataSafe Online;c:\program files (x86)\dell\dell datasafe online\NOBuAgent.exe [2010-8-25 2823000]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2012-2-1 2655768]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-9-15 299008]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\intel\bluetooth\mediasrv.exe [2011-5-19 1335360]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 65264]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-2-1 176096]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-2-1 317440]

R3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-6-21 25496]

R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2012-2-1 56344]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-14 229528]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 487296]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETwNs64.sys [2011-9-18 8604672]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2012-2-1 406632]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2012-8-10 655944]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-9-15 299008]

S3 BBUpdate;BBUpdate;c:\program files (x86)\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-5-19 51712]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2011-5-19 53248]

S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 282624]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-19 59904]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-6-21 34200]

S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2012-2-1 220528]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 100912]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-2-1 250984]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\intel\turboboost\TurboBoost.exe [2010-11-29 149504]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-12 1255736]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 25088]

S4 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AESTSr64.exe [2012-2-1 89600]

S4 GamesAppService;GamesAppService;c:\program files (x86)\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]


RobD


These steps are for RobD only. If you are a casual viewer, do NOT try this on your system!

If you are not RobD and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

Please follow my guidance, and do NOT do anything else on your own. {no changes/no additions/no websurfing}

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 2

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I think I'm good now EXCEPT... I cannot ENABLE the MBAM protection module. I get "PROGRAM_ERROR_PROTECTION_MODULE (1068, 0, ProtectionEnable) The dependency service or group failed to start." I see many PC services set to "delayed start"... maybe this is irrelevant. Here is the TDSSKiller Report.


12:57:46.0423 5004 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

12:57:46.0423 5004 McShield - ok

12:57:46.0485 5004 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

12:57:46.0516 5004 Mcx2Svc - ok

12:57:46.0548 5004 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

12:57:46.0548 5004 megasas - ok

12:57:46.0626 5004 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

12:57:46.0626 5004 MegaSR - ok

12:57:46.0657 5004 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

12:57:46.0657 5004 MEIx64 - ok

12:57:46.0719 5004 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys

12:57:46.0719 5004 mfeapfk - ok

12:57:46.0766 5004 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys

12:57:46.0766 5004 mfeavfk - ok

12:57:46.0797 5004 mfeavfk01 - ok

12:57:46.0844 5004 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

12:57:46.0860 5004 mfefire - ok

12:57:46.0906 5004 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\windows\system32\drivers\mfefirek.sys

12:57:46.0922 5004 mfefirek - ok

12:57:46.0984 5004 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\windows\system32\drivers\mfehidk.sys

12:57:46.0984 5004 mfehidk - ok

12:57:47.0000 5004 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys

12:57:47.0000 5004 mfenlfk - ok

12:57:47.0031 5004 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\windows\system32\drivers\mferkdet.sys

12:57:47.0047 5004 mferkdet - ok

12:57:47.0109 5004 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Windows\system32\mfevtps.exe

12:57:47.0109 5004 mfevtp - ok

12:57:47.0156 5004 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys

12:57:47.0156 5004 mfewfpk - ok

12:57:47.0218 5004 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

12:57:47.0234 5004 MMCSS - ok

12:57:47.0250 5004 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

12:57:47.0265 5004 Modem - ok

12:57:47.0281 5004 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

12:57:47.0296 5004 monitor - ok

12:57:47.0312 5004 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

12:57:47.0312 5004 mouclass - ok

12:57:47.0343 5004 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

12:57:47.0343 5004 mouhid - ok

12:57:47.0390 5004 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

12:57:47.0406 5004 mountmgr - ok

12:57:47.0421 5004 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

12:57:47.0421 5004 mpio - ok

12:57:47.0468 5004 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

12:57:47.0468 5004 mpsdrv - ok

12:57:47.0671 5004 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

12:57:47.0686 5004 MpsSvc - ok

12:57:47.0733 5004 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

12:57:47.0733 5004 MRxDAV - ok

12:57:47.0764 5004 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

12:57:47.0780 5004 mrxsmb - ok

12:57:47.0858 5004 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

12:57:47.0858 5004 mrxsmb10 - ok

12:57:47.0889 5004 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

12:57:47.0889 5004 mrxsmb20 - ok

12:57:47.0905 5004 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

12:57:47.0905 5004 msahci - ok

12:57:47.0936 5004 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

12:57:47.0936 5004 msdsm - ok

12:57:47.0952 5004 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

12:57:47.0983 5004 MSDTC - ok

12:57:48.0014 5004 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

12:57:48.0014 5004 Msfs - ok

12:57:48.0014 5004 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

12:57:48.0014 5004 mshidkmdf - ok

12:57:48.0045 5004 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

12:57:48.0045 5004 msisadrv - ok

12:57:48.0061 5004 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

12:57:48.0076 5004 MSiSCSI - ok

12:57:48.0076 5004 msiserver - ok

12:57:48.0092 5004 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:57:48.0092 5004 MSK80Service - ok

12:57:48.0123 5004 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

12:57:48.0123 5004 MSKSSRV - ok

12:57:48.0123 5004 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

12:57:48.0123 5004 MSPCLOCK - ok

12:57:48.0123 5004 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

12:57:48.0123 5004 MSPQM - ok

12:57:48.0170 5004 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

12:57:48.0170 5004 MsRPC - ok

12:57:48.0201 5004 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

12:57:48.0201 5004 mssmbios - ok

12:57:48.0201 5004 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

12:57:48.0201 5004 MSTEE - ok

12:57:48.0217 5004 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

12:57:48.0217 5004 MTConfig - ok

12:57:48.0248 5004 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

12:57:48.0248 5004 Mup - ok

12:57:48.0388 5004 [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

12:57:48.0404 5004 MyWiFiDHCPDNS - ok

12:57:48.0544 5004 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

12:57:48.0560 5004 napagent - ok

12:57:48.0638 5004 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

12:57:48.0638 5004 NativeWifiP - ok

12:57:48.0856 5004 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

12:57:48.0872 5004 NAUpdate - ok

12:57:49.0044 5004 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys

12:57:49.0059 5004 NDIS - ok

12:57:49.0075 5004 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

12:57:49.0075 5004 NdisCap - ok

12:57:49.0106 5004 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

12:57:49.0106 5004 NdisTapi - ok

12:57:49.0137 5004 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

12:57:49.0137 5004 Ndisuio - ok

12:57:49.0184 5004 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

12:57:49.0184 5004 NdisWan - ok

12:57:49.0200 5004 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

12:57:49.0200 5004 NDProxy - ok

12:57:49.0231 5004 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

12:57:49.0231 5004 NetBIOS - ok

12:57:49.0246 5004 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

12:57:49.0262 5004 NetBT - ok

12:57:49.0278 5004 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

12:57:49.0278 5004 Netlogon - ok

12:57:49.0324 5004 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

12:57:49.0324 5004 Netman - ok

12:57:49.0340 5004 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:57:49.0387 5004 NetMsmqActivator - ok

12:57:49.0402 5004 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:57:49.0402 5004 NetPipeActivator - ok

12:57:49.0418 5004 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

12:57:49.0418 5004 netprofm - ok

12:57:49.0434 5004 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:57:49.0434 5004 NetTcpActivator - ok

12:57:49.0434 5004 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:57:49.0434 5004 NetTcpPortSharing - ok

12:57:50.0276 5004 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys

12:57:50.0307 5004 NETwNs64 - ok

12:57:50.0370 5004 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

12:57:50.0385 5004 nfrd960 - ok

12:57:50.0479 5004 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

12:57:50.0494 5004 NlaSvc - ok

12:57:50.0713 5004 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

12:57:50.0728 5004 NOBU - ok

12:57:50.0744 5004 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

12:57:50.0744 5004 Npfs - ok

12:57:50.0775 5004 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

12:57:50.0791 5004 nsi - ok

12:57:50.0900 5004 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

12:57:50.0900 5004 nsiproxy - ok

12:57:51.0196 5004 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

12:57:51.0228 5004 Ntfs - ok

12:57:51.0274 5004 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

12:57:51.0274 5004 Null - ok

12:57:51.0337 5004 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys

12:57:51.0337 5004 nusb3hub - ok

12:57:51.0368 5004 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys

12:57:51.0368 5004 nusb3xhc - ok

12:57:51.0415 5004 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

12:57:51.0430 5004 nvraid - ok

12:57:51.0508 5004 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

12:57:51.0524 5004 nvstor - ok

12:57:51.0555 5004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

12:57:51.0571 5004 nv_agp - ok

12:57:51.0586 5004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

12:57:51.0586 5004 ohci1394 - ok

12:57:51.0618 5004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

12:57:51.0633 5004 p2pimsvc - ok

12:57:51.0727 5004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

12:57:51.0727 5004 p2psvc - ok

12:57:51.0789 5004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

12:57:51.0805 5004 Parport - ok

12:57:51.0852 5004 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

12:57:51.0852 5004 partmgr - ok

12:57:51.0898 5004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

12:57:51.0914 5004 PcaSvc - ok

12:57:51.0945 5004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

12:57:51.0961 5004 pci - ok

12:57:51.0976 5004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

12:57:51.0992 5004 pciide - ok

12:57:52.0008 5004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

12:57:52.0023 5004 pcmcia - ok

12:57:52.0054 5004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

12:57:52.0054 5004 pcw - ok

12:57:52.0101 5004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

12:57:52.0101 5004 PEAUTH - ok

12:57:52.0195 5004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

12:57:52.0195 5004 PerfHost - ok

12:57:52.0288 5004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

12:57:52.0304 5004 pla - ok

12:57:52.0382 5004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

12:57:52.0398 5004 PlugPlay - ok

12:57:52.0444 5004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

12:57:52.0476 5004 PNRPAutoReg - ok

12:57:52.0507 5004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

12:57:52.0507 5004 PNRPsvc - ok

12:57:52.0569 5004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

12:57:52.0585 5004 PolicyAgent - ok

12:57:52.0616 5004 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll

12:57:52.0616 5004 Power - ok

12:57:52.0694 5004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

12:57:52.0710 5004 PptpMiniport - ok

12:57:52.0756 5004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

12:57:52.0772 5004 Processor - ok

12:57:52.0959 5004 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll

12:57:52.0959 5004 ProfSvc - ok

12:57:52.0990 5004 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

12:57:52.0990 5004 ProtectedStorage - ok

12:57:53.0131 5004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

12:57:53.0146 5004 Psched - ok

12:57:53.0708 5004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

12:57:53.0895 5004 ql2300 - ok

12:57:54.0067 5004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

12:57:54.0082 5004 ql40xx - ok

12:57:54.0176 5004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

12:57:54.0176 5004 QWAVE - ok

12:57:54.0238 5004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

12:57:54.0238 5004 QWAVEdrv - ok

12:57:54.0270 5004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

12:57:54.0285 5004 RasAcd - ok

12:57:54.0426 5004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

12:57:54.0426 5004 RasAgileVpn - ok

12:57:54.0488 5004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

12:57:54.0519 5004 RasAuto - ok

12:57:54.0582 5004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

12:57:54.0597 5004 Rasl2tp - ok

12:57:54.0675 5004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

12:57:54.0753 5004 RasMan - ok

12:57:54.0784 5004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

12:57:54.0784 5004 RasPppoe - ok

12:57:54.0816 5004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

12:57:54.0816 5004 RasSstp - ok

12:57:54.0831 5004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

12:57:54.0847 5004 rdbss - ok

12:57:54.0925 5004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

12:57:54.0940 5004 rdpbus - ok

12:57:54.0972 5004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

12:57:54.0972 5004 RDPCDD - ok

12:57:55.0003 5004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

12:57:55.0003 5004 RDPENCDD - ok

12:57:55.0034 5004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

12:57:55.0034 5004 RDPREFMP - ok

12:57:55.0096 5004 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

12:57:55.0112 5004 RDPWD - ok

12:57:55.0174 5004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

12:57:55.0174 5004 rdyboost - ok

12:57:55.0268 5004 [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

12:57:55.0284 5004 RegSrvc - ok

12:57:55.0315 5004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

12:57:55.0346 5004 RemoteAccess - ok

12:57:55.0362 5004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

12:57:55.0377 5004 RemoteRegistry - ok

12:57:55.0424 5004 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

12:57:55.0424 5004 RFCOMM - ok

12:57:55.0455 5004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

12:57:55.0471 5004 RpcEptMapper - ok

12:57:55.0486 5004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

12:57:55.0486 5004 RpcLocator - ok

12:57:55.0502 5004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

12:57:55.0502 5004 RpcSs - ok

12:57:55.0533 5004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

12:57:55.0549 5004 rspndr - ok

12:57:55.0596 5004 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

12:57:55.0611 5004 RSUSBSTOR - ok

12:57:55.0658 5004 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

12:57:55.0658 5004 RTL8167 - ok

12:57:55.0658 5004 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

12:57:55.0658 5004 SamSs - ok

12:57:55.0674 5004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

12:57:55.0674 5004 sbp2port - ok

12:57:55.0736 5004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

12:57:55.0752 5004 SCardSvr - ok

12:57:55.0767 5004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

12:57:55.0783 5004 scfilter - ok

12:57:55.0798 5004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

12:57:55.0814 5004 Schedule - ok

12:57:55.0845 5004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

12:57:55.0845 5004 SCPolicySvc - ok

12:57:55.0908 5004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

12:57:55.0923 5004 SDRSVC - ok

12:57:55.0970 5004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

12:57:55.0970 5004 secdrv - ok

12:57:55.0986 5004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

12:57:56.0001 5004 seclogon - ok

12:57:56.0032 5004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

12:57:56.0032 5004 SENS - ok

12:57:56.0095 5004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

12:57:56.0110 5004 SensrSvc - ok

12:57:56.0142 5004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

12:57:56.0157 5004 Serenum - ok

12:57:56.0173 5004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

12:57:56.0188 5004 Serial - ok

12:57:56.0204 5004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

12:57:56.0204 5004 sermouse - ok

12:57:56.0235 5004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

12:57:56.0251 5004 SessionEnv - ok

12:57:56.0251 5004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

12:57:56.0266 5004 sffdisk - ok

12:57:56.0266 5004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

12:57:56.0266 5004 sffp_mmc - ok

12:57:56.0266 5004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

12:57:56.0266 5004 sffp_sd - ok

12:57:56.0266 5004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

12:57:56.0266 5004 sfloppy - ok

12:57:56.0469 5004 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

12:57:56.0516 5004 SftService - ok

12:57:56.0578 5004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

12:57:56.0610 5004 SharedAccess - ok

12:57:56.0703 5004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

12:57:56.0703 5004 ShellHWDetection - ok

12:57:56.0734 5004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

12:57:56.0734 5004 SiSRaid2 - ok

12:57:56.0766 5004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

12:57:56.0766 5004 SiSRaid4 - ok

12:57:56.0766 5004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

12:57:56.0766 5004 Smb - ok

12:57:56.0812 5004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

12:57:56.0812 5004 SNMPTRAP - ok

12:57:56.0828 5004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

12:57:56.0828 5004 spldr - ok

12:57:56.0844 5004 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe

12:57:56.0859 5004 Spooler - ok

12:57:56.0937 5004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

12:57:56.0968 5004 sppsvc - ok

12:57:57.0000 5004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

12:57:57.0000 5004 sppuinotify - ok

12:57:57.0046 5004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

12:57:57.0046 5004 srv - ok

12:57:57.0124 5004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

12:57:57.0124 5004 srv2 - ok

12:57:57.0140 5004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

12:57:57.0140 5004 srvnet - ok

12:57:57.0202 5004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

12:57:57.0202 5004 SSDPSRV - ok

12:57:57.0234 5004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

12:57:57.0234 5004 SstpSvc - ok

12:57:57.0390 5004 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

12:57:57.0405 5004 STacSV - ok

12:57:57.0452 5004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

12:57:57.0468 5004 stexstor - ok

12:57:57.0530 5004 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys

12:57:57.0530 5004 STHDA - ok

12:57:57.0592 5004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

12:57:57.0592 5004 stisvc - ok

12:57:57.0608 5004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

12:57:57.0608 5004 swenum - ok

12:57:57.0655 5004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

12:57:57.0670 5004 swprv - ok

12:57:57.0748 5004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

12:57:57.0764 5004 SysMain - ok

12:57:57.0780 5004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

12:57:57.0795 5004 TabletInputService - ok

12:57:57.0811 5004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

12:57:57.0811 5004 TapiSrv - ok

12:57:57.0826 5004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

12:57:57.0826 5004 TBS - ok

12:57:57.0904 5004 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys

12:57:57.0936 5004 Tcpip - ok

12:57:57.0982 5004 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

12:57:57.0998 5004 TCPIP6 - ok

12:57:58.0045 5004 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

12:57:58.0045 5004 tcpipreg - ok

12:57:58.0060 5004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

12:57:58.0076 5004 TDPIPE - ok

12:57:58.0107 5004 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

12:57:58.0107 5004 TDTCP - ok

12:57:58.0170 5004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

12:57:58.0170 5004 tdx - ok

12:57:58.0201 5004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

12:57:58.0216 5004 TermDD - ok

12:57:58.0357 5004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

12:57:58.0372 5004 TermService - ok

12:57:58.0388 5004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

12:57:58.0388 5004 Themes - ok

12:57:58.0435 5004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

12:57:58.0435 5004 THREADORDER - ok

12:57:58.0513 5004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

12:57:58.0528 5004 TrkWks - ok

12:57:58.0794 5004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

12:57:58.0809 5004 TrustedInstaller - ok

12:57:58.0934 5004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

12:57:58.0950 5004 tssecsrv - ok

12:57:59.0012 5004 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

12:57:59.0511 5004 TsUsbFlt - ok

12:57:59.0542 5004 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

12:57:59.0558 5004 TsUsbGD - ok

12:57:59.0636 5004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

12:57:59.0636 5004 tunnel - ok

12:57:59.0730 5004 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys

12:57:59.0730 5004 TurboB - ok

12:57:59.0761 5004 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

12:57:59.0792 5004 TurboBoost - ok

12:57:59.0823 5004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

12:57:59.0839 5004 uagp35 - ok

12:57:59.0917 5004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

12:57:59.0932 5004 udfs - ok

12:57:59.0979 5004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

12:58:00.0010 5004 UI0Detect - ok

12:58:00.0088 5004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

12:58:00.0088 5004 uliagpkx - ok

12:58:00.0120 5004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

12:58:00.0120 5004 umbus - ok

12:58:00.0182 5004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

12:58:00.0198 5004 UmPass - ok

12:58:00.0525 5004 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:58:00.0697 5004 UNS - ok

12:58:00.0728 5004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

12:58:00.0744 5004 upnphost - ok

12:58:00.0775 5004 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

12:58:00.0775 5004 usbccgp - ok

12:58:00.0790 5004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

12:58:00.0790 5004 usbcir - ok

12:58:00.0822 5004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

12:58:00.0822 5004 usbehci - ok

12:58:00.0931 5004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

12:58:00.0931 5004 usbhub - ok

12:58:00.0962 5004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

12:58:00.0962 5004 usbohci - ok

12:58:00.0993 5004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys

12:58:05.0049 5004 ================ Scan global ===============================

12:58:05.0096 5004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

12:58:05.0314 5004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

12:58:05.0330 5004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

12:58:05.0346 5004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

12:58:05.0392 5004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

12:58:05.0392 5004 [Global] - ok

12:58:05.0392 5004 ================ Scan MBR ==================================

12:58:05.0408 5004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

12:58:05.0408 5004 Suspicious mbr (Forged): \Device\Harddisk0\DR0

12:58:05.0455 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

12:58:05.0455 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

12:58:05.0455 5004 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

12:58:05.0470 5004 \Device\Harddisk1\DR1 - ok

12:58:05.0470 5004 ================ Scan VBR ==================================

12:58:05.0502 5004 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1

12:58:05.0502 5004 \Device\Harddisk0\DR0\Partition1 - ok

12:58:05.0517 5004 [ 2A54B23487CFB982C16606B54CEB95F0 ] \Device\Harddisk0\DR0\Partition2

12:58:05.0517 5004 \Device\Harddisk0\DR0\Partition2 - ok

12:58:05.0533 5004 [ 36B0D8876857F106246C901959649F81 ] \Device\Harddisk1\DR1\Partition1

12:58:05.0533 5004 \Device\Harddisk1\DR1\Partition1 - ok

12:58:05.0533 5004 ============================================================

12:58:05.0533 5004 Scan finished

12:58:05.0533 5004 ============================================================

12:58:05.0533 4972 Detected object count: 1

12:58:05.0533 4972 Actual detected object count: 1

12:59:18.0193 4972 \Device\Harddisk0\DR0\# - copied to quarantine

12:59:18.0200 4972 \Device\Harddisk0\DR0 - copied to quarantine

12:59:18.0380 4972 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

12:59:18.0396 4972 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

12:59:18.0401 4972 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

12:59:18.0408 4972 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

12:59:18.0413 4972 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

12:59:18.0421 4972 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

12:59:18.0429 4972 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

12:59:18.0433 4972 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

12:59:18.0437 4972 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

12:59:18.0441 4972 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

12:59:18.0527 4972 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

12:59:18.0566 4972 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

12:59:18.0571 4972 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

12:59:18.0593 4972 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

12:59:18.0596 4972 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine

12:59:18.0620 4972 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine

12:59:18.0626 4972 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine

12:59:18.0630 4972 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

12:59:18.0632 4972 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

12:59:18.0681 4972 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine

12:59:18.0814 4972 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

12:59:18.0877 4972 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

12:59:18.0948 4972 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine

12:59:19.0028 4972 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine

12:59:19.0043 4972 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

12:59:19.0634 4972 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

12:59:19.0820 4972 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

12:59:19.0876 4972 \Device\Harddisk0\DR0 - ok

12:59:20.0137 4972 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

13:01:32.0975 3140 Deinitialize success


Trojan warning: TDSS

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

IF you decide to attempt cleaning, then start with the following.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member RobD only. If you are a casual viewer, do NOT try this on your system!

If you are not RobD and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

...please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need for you to Restart the system fresh!

Reply & Copy & Paste the C:\Combofix.txt log and tell me, How is the system now?

Re-enable your antivirus program.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
