TechSpot

PRS for music virus

Solved
By Dan James
Sep 30, 2012
  1. Hi,

    I have a virus, when I turn on my computer the only thing I can see on my screen is a PRS for music message from "the metropolitan police" saying my computer has been locked due to illegally downloading music. Please can someone guide me on how to remove this virus!

    Thanks,

    Dan
     
  2. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    I am really worried as I cannot access anything, if Broni or someone like him is about I'd really appreciate the help!

    A big thank you to anyone who replies.
     
  3. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Start with this guide: http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

    Let me know how it went.
     
  4. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    My virus is not the same as this one, the screen looks different and I can't even get onto my computer in safe mode with networking as the screen that says "your computer has been locked" still appears. Shall I take a photo of what the screen looks like?
     
  5. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

  6. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    I found the above picture on the internet and this is what the screen looks like...
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    What Windows version is it?
     
  8. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Windows 7
     
  9. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  10. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 03-10-2012 20:31:34
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2120808 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240 2010-08-12] (NVIDIA Corporation)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [518640 2010-09-03] ()
    HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [jICc7n9BYxBTRVw] C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe [291687 2012-09-29] ()
    HKU\Alex Skittery\...\Run: [jICc7n9BYxBTRVw] C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe [291687 2012-09-29] ()
    HKU\Alex Skittery\...\Policies\system: [DisableTaskMgr] 1
    HKU\Alex Skittery\...\Winlogon: [Shell] C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe [291687 2012-09-29] ()
    Tcpip\Parameters: [DhcpNameServer] 194.74.65.68 194.74.65.69
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll
    Startup: C:\Users\Alex Skittery\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ==================== Services (Whitelisted) ===================
    2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
    2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1301088 2012-05-29] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [681056 2012-05-29] (Secunia)
    ==================== Drivers (Whitelisted) =====================
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [367912 2011-11-14] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2011-12-01] (PC Tools)
    0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096688 2011-12-01] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-09-30 07:17 - 2012-09-30 14:21 - 00000000 ____D C:\29588b5f190039290a92
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\ms.exe
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\Application Data\wsf3CmCT.exe
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe
    2012-09-26 02:43 - 2012-09-26 02:44 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-25 05:16 - 2012-09-25 05:17 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 04:51 - 2012-09-25 04:58 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-25 03:56 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-25 03:56 - 2012-08-24 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-25 03:56 - 2012-08-24 05:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-25 03:56 - 2012-08-24 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-25 03:56 - 2012-08-24 05:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-25 03:56 - 2012-08-24 05:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-25 03:56 - 2012-08-24 05:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-25 03:56 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-25 03:56 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-25 03:56 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-25 03:56 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-25 03:56 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-25 03:56 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-25 03:56 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-25 03:56 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-25 03:55 - 2012-08-24 06:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-25 03:55 - 2012-08-24 05:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-25 03:55 - 2012-08-24 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-25 03:55 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-25 03:55 - 2012-08-24 05:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-25 03:55 - 2012-08-24 05:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-25 03:55 - 2012-08-24 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-25 03:55 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-25 03:55 - 2012-08-24 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-25 03:55 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-25 03:55 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-25 03:55 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-25 03:55 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-25 03:55 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-25 03:55 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-25 03:55 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-25 03:55 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 14:02 - 2012-09-22 14:02 - 00002172 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-09-22 14:02 - 2012-09-22 14:02 - 00002172 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
    2012-09-22 14:02 - 2012-09-22 14:02 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
    2012-09-22 14:02 - 2012-09-22 14:02 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
    2012-09-22 14:02 - 2012-09-22 14:02 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2012-09-20 11:32 - 2012-09-28 15:57 - 00009892 ____A C:\Users\Alex Skittery\Desktop\work.xlsx
    2012-09-12 01:55 - 2012-08-02 12:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-12 01:55 - 2012-08-02 12:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    ==================== 3 Months Modified Files ==================
    2012-10-01 14:18 - 2009-07-14 00:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-30 08:22 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-30 08:22 - 2009-07-13 23:51 - 00064207 ____A C:\Windows\setupact.log
    2012-09-30 07:16 - 2009-07-14 00:10 - 01835738 ____A C:\Windows\WindowsUpdate.log
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\ms.exe
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\Application Data\wsf3CmCT.exe
    2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe
    2012-09-29 17:04 - 2012-06-16 15:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-28 16:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-28 16:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-28 15:57 - 2012-09-20 11:32 - 00009892 ____A C:\Users\Alex Skittery\Desktop\work.xlsx
    2012-09-26 02:44 - 2012-09-26 02:43 - 00711432 ____A C:\Windows\Minidump\092612-21793-01.dmp
    2012-09-26 02:43 - 2011-12-03 11:17 - 670479582 ____A C:\Windows\MEMORY.DMP
    2012-09-25 05:49 - 2010-12-30 15:34 - 00027974 ____A C:\Windows\PFRO.log
    2012-09-25 05:17 - 2012-09-25 05:16 - 06135536 ____A C:\Users\Alex Skittery\Downloads\aGUP4870.part
    2012-09-25 04:58 - 2012-09-25 04:51 - 78574576 ____A C:\Users\Alex Skittery\Downloads\Tokyo Police Club - 10x10x10 (2011).rar
    2012-09-25 03:57 - 2012-03-20 13:33 - 02084982 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-23 08:58 - 2011-01-04 16:16 - 00090112 ____A C:\Users\Alex Skittery\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-23 08:58 - 2011-01-04 16:16 - 00090112 ____A C:\Users\Alex Skittery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-23 08:58 - 2011-01-04 16:16 - 00090112 ____A C:\Users\Alex Skittery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-22 15:04 - 2012-06-16 15:08 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-22 15:04 - 2011-11-29 16:49 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-22 14:02 - 2012-09-22 14:02 - 00002172 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-09-22 14:02 - 2012-09-22 14:02 - 00002172 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
    2012-09-10 14:37 - 2012-07-26 05:02 - 00009473 ____A C:\Users\Alex Skittery\Desktop\job search.xlsx
    2012-08-24 06:15 - 2012-09-25 03:55 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 05:39 - 2012-09-25 03:55 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 05:31 - 2012-09-25 03:55 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 05:22 - 2012-09-25 03:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 05:21 - 2012-09-25 03:55 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 05:20 - 2012-09-25 03:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 05:18 - 2012-09-25 03:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 05:17 - 2012-09-25 03:55 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 05:14 - 2012-09-25 03:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 05:14 - 2012-09-25 03:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 05:13 - 2012-09-25 03:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 05:12 - 2012-09-25 03:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 05:11 - 2012-09-25 03:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 05:10 - 2012-09-25 03:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 05:09 - 2012-09-25 03:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 05:04 - 2012-09-25 03:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 02:27 - 2012-09-25 03:55 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 02:03 - 2012-09-25 03:55 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 01:59 - 2012-09-25 03:55 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 01:51 - 2012-09-25 03:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 01:51 - 2012-09-25 03:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 01:51 - 2012-09-25 03:55 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 01:49 - 2012-09-25 03:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 01:48 - 2012-09-25 03:55 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 01:47 - 2012-09-25 03:56 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 01:47 - 2012-09-25 03:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 01:47 - 2012-09-25 03:55 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 01:45 - 2012-09-25 03:55 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 01:44 - 2012-09-25 03:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 01:44 - 2012-09-25 03:55 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 01:43 - 2012-09-25 03:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 01:40 - 2012-09-25 03:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-21 11:33 - 2012-08-21 11:33 - 00285760 ____A C:\Windows\Minidump\082112-32619-01.dmp
    2012-08-18 04:41 - 2009-07-13 23:45 - 00355392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-02 12:55 - 2012-09-12 01:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 12:05 - 2012-09-12 01:55 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-01 08:11 - 2012-08-01 08:11 - 00000165 ___AH C:\Users\Alex Skittery\Desktop\~$job search.xlsx
    2012-07-22 06:26 - 2012-07-22 06:26 - 00691312 ____A C:\Windows\Minidump\072212-20077-01.dmp
    2012-07-18 12:31 - 2012-08-15 11:50 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-13 21:05 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-07 09:22 - 2012-07-07 09:22 - 00703184 ____A C:\Windows\Minidump\070712-25006-01.dmp

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-09-16 13:24:49
    Restore point made on: 2012-09-20 11:48:55
    Restore point made on: 2012-09-24 04:46:01
    Restore point made on: 2012-09-25 03:54:03
    Restore point made on: 2012-09-29 04:20:56
    Restore point made on: 2012-09-30 07:17:00
    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3828.3 MB
    Available physical RAM: 3224.34 MB
    Total Pagefile: 3826.45 MB
    Available Pagefile: 3208.02 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:424.16 GB) NTFS
    3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 960 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 39 MB
    Partition 3 Primary 581 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 E RECOVERY NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 581 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 960 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 960 MB Healthy
    =========================================================
    Last Boot: 2012-09-26 07:49
    ==================== End Of Log =============================
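
    Added example (not part of the original thread, and not FRST's own logic): a small Python triage pass over lines excerpted from the FRST.txt above. It flags autorun entries that launch a binary with no company name from a user profile, a replaced Winlogon Shell, and the DisableTaskMgr policy, then lists recently created files with the same size as a flagged binary. The heuristics and function names are assumptions chosen for illustration.

```python
import re

# Lines excerpted from the FRST.txt posted above (registry and created-files sections).
SAMPLE_LOG = r"""
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [jICc7n9BYxBTRVw] C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe [291687 2012-09-29] ()
HKU\Alex Skittery\...\Policies\system: [DisableTaskMgr] 1
HKU\Alex Skittery\...\Winlogon: [Shell] C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe [291687 2012-09-29] ()
2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\ms.exe
2012-09-29 17:07 - 2012-09-29 17:07 - 00291687 ____A C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe
2012-09-25 03:56 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-20 11:32 - 2012-09-28 15:57 - 00009892 ____A C:\Users\Alex Skittery\Desktop\work.xlsx
"""

# "<key>: [<value name>] <data>" as printed in the Registry section.
REG_RE = re.compile(r"^(?P<key>HK[^:]*?): \[(?P<name>[^\]]+)\] (?P<data>.*)$")
# "<command> [<size> <date>] (<company>)" tail that FRST appends for file-backed entries.
DATA_RE = re.compile(
    r"^(?P<cmd>.*) \[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<vendor>.*)\)$")
# "<created> - <modified> - <size> <attrs> [(<company>)] <path>" in the file listings.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attr>\S{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$")


def triage_autoruns(log_text):
    """Return registry entries that match the illustrative heuristics, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = REG_RE.match(line.strip())
        if not m:
            continue
        key, name, data = m["key"], m["name"], m["data"]
        d = DATA_RE.match(data)
        cmd = d["cmd"] if d else data
        size = int(d["size"]) if d else None
        reasons = []
        if d:
            lowered = cmd.lower()
            # An empty company field alone is common (see FreeFallProtection);
            # it only counts here when the binary also lives in a user profile.
            if "\\users\\" in lowered and d["vendor"] == "":
                reasons.append("no company name and launched from a user profile")
            if (key.lower().endswith("winlogon") and name.lower() == "shell"
                    and not lowered.strip('"').endswith("explorer.exe")):
                reasons.append("Winlogon Shell is not explorer.exe")
        elif name == "DisableTaskMgr" and data.strip() == "1":
            reasons.append("Task Manager disabled by policy")
        if reasons:
            findings.append({"key": key, "name": name, "command": cmd,
                             "size": size, "reasons": reasons})
    return findings


def files_matching_size(log_text, findings):
    """List vendor-less files in the listings whose size equals a flagged binary's size."""
    sizes = {f["size"] for f in findings if f["size"] is not None}
    hits = set()
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and int(m["size"]) in sizes and not m["vendor"]:
            hits.add(m["path"])
    return sorted(hits)


if __name__ == "__main__":
    flagged = triage_autoruns(SAMPLE_LOG)
    for f in flagged:
        print(f["key"], f["name"], "->", "; ".join(f["reasons"]))
    for path in files_matching_size(SAMPLE_LOG, flagged):
        print("same size as a flagged binary:", path)
```
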
     
  11. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Farbar Recovery Scan Tool (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 2012-10-03 20:33:51
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2012-06-14 03:47] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally and let me know if the computer behaves better.

    If so...
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


  13. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01
    Ran by SYSTEM at 2012-10-04 16:30:22 Run:2
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw Value deleted successfully.
    C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe moved successfully.
    HKEY_USERS\Alex Skittery\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw Value deleted successfully.
    HKEY_USERS\Alex Skittery\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
    HKEY_USERS\Alex Skittery\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
    ==== End of Fixlog ====
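
As an added example (not part of the original posts and not FRST's own code): a small Python parser for the Fixlog format shown above, which groups each removed item by the startup or lockout mechanism it belongs to. The category labels and function names are assumptions made for this illustration, and only the two result-line shapes that appear in this Fixlog are recognised.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# The Fixlog from the post above, copied verbatim (raw string keeps backslashes).
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-04 16:30:22 Run:2
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw Value deleted successfully.
C:\Users\Alex Skittery\AppData\Roaming\wsf3CmCT.exe moved successfully.
HKEY_USERS\Alex Skittery\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw Value deleted successfully.
HKEY_USERS\Alex Skittery\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
HKEY_USERS\Alex Skittery\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
==== End of Fixlog ====
"""

# Only the two result shapes present in that log are recognised.
REG_VALUE = re.compile(r"^(HKEY_[A-Z_]+)\\(.+?)\\\\(.+) Value deleted successfully\.$")
MOVED_FILE = re.compile(r"^([A-Za-z]:\\.+) moved successfully\.$")
USER_PATH = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")


@dataclass
class Finding:
    category: str   # illustrative label, not FRST terminology
    scope: str      # "machine" or "user:<profile>"
    location: str   # registry key or folder
    name: str       # value name or file name


def classify(subkey, value):
    """Map a registry value to the mechanism it controls."""
    k, v = subkey.lower(), value.lower()
    if k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
        return "autostart"            # program launched at logon
    if k.endswith(r"\windows nt\currentversion\winlogon") and v == "shell":
        return "shell-override"       # names the program run as the user's shell
    if k.endswith(r"\currentversion\policies\system") and v == "disabletaskmgr":
        return "taskmgr-disabled"     # policy value that blocks Task Manager
    return "other-registry"


def parse_fixlog(text):
    """Return (findings, unrecognized_lines) for the body of a Fixlog."""
    findings, unrecognized, in_body = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if not in_body:
            in_body = line.startswith("====")   # header ends at the first separator
            continue
        if not line:
            continue
        m = REG_VALUE.match(line)
        if m:
            root, subkey, value = m.groups()
            scope = "machine"
            if root == "HKEY_USERS":            # first component names the user hive
                hive, _, subkey = subkey.partition("\\")
                scope = f"user:{hive}"
            findings.append(
                Finding(classify(subkey, value), scope, f"{root}\\{m.group(2)}", value))
            continue
        m = MOVED_FILE.match(line)
        if m:
            folder, name = ntpath.split(m.group(1))
            user = USER_PATH.match(m.group(1))
            scope = f"user:{user.group(1)}" if user else "machine"
            findings.append(Finding("quarantined-file", scope, folder, name))
            continue
        unrecognized.append(line)               # never drop a line silently
    return findings, unrecognized


def summarize(findings):
    """Count findings per category."""
    return Counter(f.category for f in findings)


def repeated_names(findings):
    """Names seen in more than one location, a useful pivot during triage."""
    counts = Counter(f.name for f in findings)
    return sorted(n for n, c in counts.items() if c > 1)


if __name__ == "__main__":
    found, unknown = parse_fixlog(FIXLOG)
    for f in found:
        print(f"{f.category:17} {f.scope:20} {f.name}")
    print("repeated names:", repeated_names(found))
    print("unrecognized lines:", unknown)
```
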
     
  14. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    It seems to be working normally at this point!
     
  15. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    16:48:13.0745 6284 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    16:48:15.0745 6284 ============================================================
    16:48:15.0745 6284 Current date / time: 2012/10/04 16:48:15.0745
    16:48:15.0745 6284 SystemInfo:
    16:48:15.0745 6284
    16:48:15.0745 6284 OS Version: 6.1.7600 ServicePack: 0.0
    16:48:15.0745 6284 Product type: Workstation
    16:48:15.0745 6284 ComputerName: DM-LAPTOP
    16:48:15.0745 6284 UserName: Alex Skittery
    16:48:15.0745 6284 Windows directory: C:\Windows
    16:48:15.0745 6284 System windows directory: C:\Windows
    16:48:15.0745 6284 Running under WOW64
    16:48:15.0745 6284 Processor architecture: Intel x64
    16:48:15.0745 6284 Number of processors: 4
    16:48:15.0745 6284 Page size: 0x1000
    16:48:15.0745 6284 Boot type: Normal boot
    16:48:15.0745 6284 ============================================================
    16:48:17.0005 6284 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:48:17.0015 6284 ============================================================
    16:48:17.0015 6284 \Device\Harddisk0\DR0:
    16:48:17.0015 6284 MBR partitions:
    16:48:17.0015 6284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
    16:48:17.0015 6284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x48AF80EB
    16:48:17.0015 6284 ============================================================
    16:48:17.0055 6284 C: <-> \Device\Harddisk0\DR0\Partition2
    16:48:17.0055 6284 ============================================================
    16:48:17.0055 6284 Initialize success
    16:48:17.0055 6284 ============================================================
    16:48:18.0615 4580 ============================================================
    16:48:18.0615 4580 Scan started
    16:48:18.0615 4580 Mode: Manual;
    16:48:18.0615 4580 ============================================================
    16:48:18.0925 4580 ================ Scan system memory ========================
    16:48:18.0925 4580 System memory - ok
    16:48:18.0925 4580 ================ Scan services =============================
    16:48:30.0218 4580 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    16:48:30.0228 4580 mfevtp - ok
    16:48:30.0268 4580 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
    16:48:30.0268 4580 mfewfpk - ok
    16:48:30.0328 4580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:48:30.0328 4580 MMCSS - ok
    16:48:30.0348 4580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:48:30.0348 4580 Modem - ok
    16:48:30.0388 4580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:48:30.0388 4580 monitor - ok
    16:48:30.0428 4580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:48:30.0428 4580 mouclass - ok
    16:48:30.0488 4580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:48:30.0488 4580 mouhid - ok
    16:48:30.0538 4580 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:48:30.0538 4580 mountmgr - ok
    16:48:30.0628 4580 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:48:30.0628 4580 MozillaMaintenance - ok
    16:48:30.0678 4580 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    16:48:30.0678 4580 MpFilter - ok
    16:48:30.0748 4580 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    16:48:30.0758 4580 mpio - ok
    16:48:30.0768 4580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:48:30.0778 4580 mpsdrv - ok
    16:48:30.0818 4580 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    16:48:30.0829 4580 MpsSvc - ok
    16:48:30.0849 4580 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:48:30.0849 4580 MRxDAV - ok
    16:48:30.0899 4580 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:48:30.0909 4580 mrxsmb - ok
    16:48:30.0959 4580 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:48:30.0969 4580 mrxsmb10 - ok
    16:48:31.0019 4580 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:48:31.0019 4580 mrxsmb20 - ok
    16:48:31.0069 4580 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    16:48:31.0079 4580 msahci - ok
    16:48:31.0099 4580 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    16:48:31.0099 4580 msdsm - ok
    16:48:31.0109 4580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:48:31.0119 4580 MSDTC - ok
    16:48:31.0149 4580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:48:31.0159 4580 Msfs - ok
    16:48:31.0199 4580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:48:31.0199 4580 mshidkmdf - ok
    16:48:31.0239 4580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    16:48:31.0239 4580 msisadrv - ok
    16:48:31.0279 4580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:48:31.0289 4580 MSiSCSI - ok
    16:48:31.0289 4580 msiserver - ok
    16:48:31.0339 4580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
     
  16. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    16:48:44.0184 4580 viaide - ok
    16:48:44.0214 4580 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    16:48:44.0224 4580 volmgr - ok
    16:48:44.0264 4580 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:48:44.0264 4580 volmgrx - ok
    16:48:44.0314 4580 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    16:48:44.0314 4580 volsnap - ok
    16:48:44.0374 4580 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:48:44.0384 4580 vsmraid - ok
    16:48:44.0434 4580 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    16:48:44.0454 4580 VSS - ok
    16:48:44.0484 4580 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:48:44.0484 4580 vwifibus - ok
    16:48:44.0574 4580 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:48:44.0584 4580 vwififlt - ok
    16:48:44.0624 4580 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    16:48:44.0624 4580 vwifimp - ok
    16:48:44.0724 4580 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:48:44.0734 4580 W32Time - ok
    16:48:44.0754 4580 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:48:44.0754 4580 WacomPen - ok
    16:48:44.0764 4580 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:48:44.0764 4580 WANARP - ok
    16:48:44.0784 4580 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:48:44.0784 4580 Wanarpv6 - ok
    16:48:44.0884 4580 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:48:44.0904 4580 WatAdminSvc - ok
    16:48:44.0954 4580 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    16:48:44.0974 4580 wbengine - ok
    16:48:45.0024 4580 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:48:45.0034 4580 WbioSrvc - ok
    16:48:45.0094 4580 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:48:45.0094 4580 wcncsvc - ok
    16:48:45.0114 4580 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:48:45.0124 4580 WcsPlugInService - ok
    16:48:45.0174 4580 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:48:45.0174 4580 Wd - ok
    16:48:45.0234 4580 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:48:45.0244 4580 Wdf01000 - ok
    16:48:45.0254 4580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:48:45.0264 4580 WdiServiceHost - ok
    16:48:45.0264 4580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:48:45.0264 4580 WdiSystemHost - ok
    16:48:45.0304 4580 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    16:48:45.0314 4580 WebClient - ok
    16:48:45.0354 4580 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:48:45.0354 4580 Wecsvc - ok
    16:48:45.0374 4580 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:48:45.0374 4580 wercplsupport - ok
    16:48:45.0434 4580 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:48:45.0434 4580 WerSvc - ok
    16:48:45.0484 4580 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:48:45.0484 4580 WfpLwf - ok
    16:48:45.0514 4580 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    16:48:45.0524 4580 WimFltr - ok
    16:48:45.0534 4580 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:48:45.0544 4580 WIMMount - ok
    16:48:45.0584 4580 WinDefend - ok
    16:48:45.0594 4580 WinHttpAutoProxySvc - ok
    16:48:45.0684 4580 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:48:45.0684 4580 Winmgmt - ok
    16:48:45.0774 4580 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    16:48:45.0804 4580 WinRM - ok
    16:48:45.0905 4580 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    16:48:45.0905 4580 WinUsb - ok
    16:48:45.0965 4580 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:48:45.0985 4580 Wlansvc - ok
    16:48:46.0045 4580 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:48:46.0045 4580 wlcrasvc - ok
    16:48:46.0225 4580 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:48:46.0245 4580 wlidsvc - ok
    16:48:46.0295 4580 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    16:48:46.0295 4580 WmiAcpi - ok
    16:48:46.0415 4580 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:48:46.0415 4580 wmiApSrv - ok
    16:48:46.0475 4580 WMPNetworkSvc - ok
    16:48:46.0525 4580 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:48:46.0535 4580 WPCSvc - ok
    16:48:46.0575 4580 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:48:46.0575 4580 WPDBusEnum - ok
    16:48:46.0585 4580 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:48:46.0585 4580 ws2ifsl - ok
    16:48:46.0635 4580 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
    16:48:46.0645 4580 wscsvc - ok
    16:48:46.0655 4580 WSearch - ok
    16:48:46.0735 4580 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    16:48:46.0755 4580 wuauserv - ok
    16:48:46.0795 4580 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:48:46.0795 4580 WudfPf - ok
    16:48:46.0845 4580 [ D885A873D733020F8B9B9FF4B1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:48:46.0845 4580 WUDFRd - ok
    16:48:46.0865 4580 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:48:46.0875 4580 wudfsvc - ok
    16:48:46.0885 4580 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:48:46.0895 4580 WwanSvc - ok
    16:48:46.0925 4580 ================ Scan global ===============================
    16:48:46.0945 4580 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:48:47.0025 4580 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    16:48:47.0045 4580 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    16:48:47.0085 4580 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:48:47.0135 4580 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:48:47.0145 4580 [Global] - ok
    16:48:47.0145 4580 ================ Scan MBR ==================================
    16:48:47.0165 4580 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    16:48:47.0385 4580 \Device\Harddisk0\DR0 - ok
    16:48:47.0385 4580 ================ Scan VBR ==================================
    16:48:47.0395 4580 [ DF589A791D97731CB3862355E99B411E ] \Device\Harddisk0\DR0\Partition1
    16:48:47.0395 4580 \Device\Harddisk0\DR0\Partition1 - ok
    16:48:47.0425 4580 [ 301A8E98BD808BB60594B10E31B70270 ] \Device\Harddisk0\DR0\Partition2
    16:48:47.0425 4580 \Device\Harddisk0\DR0\Partition2 - ok
    16:48:47.0425 4580 ============================================================
    16:48:47.0425 4580 Scan finished
    16:48:47.0425 4580 ============================================================
    16:48:47.0435 6792 Detected object count: 0
    16:48:47.0435 6792 Actual detected object count: 0
     
  17. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Alex Skittery [Admin rights]
    Mode : Remove -- Date : 10/04/2012 16:55:06

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM640JJ +++++
    --- User ---
    [MBR] 2505843aa939947e2bfae47555ac832e
    [BSP] fd634e9fab3a83954d641575909685a5 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 595440 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  18. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.04.04

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alex Skittery :: DM-LAPTOP [administrator]

    04/10/2012 16:57:49
    mbam-log-2012-10-04 (16-57-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227134
    Time elapsed: 4 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  19. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-04 17:20:22
    -----------------------------
    17:20:22.411 OS Version: Windows x64 6.1.7600
    17:20:22.411 Number of processors: 4 586 0x2505
    17:20:22.411 ComputerName: DM-LAPTOP UserName:
    17:20:23.701 Initialize success
    12:23:30.035 AVAST engine defs: 12100302
    12:23:40.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:23:40.138 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
    12:23:40.169 Disk 0 MBR read successfully
    12:23:40.169 Disk 0 MBR scan
    12:23:40.185 Disk 0 Windows VISTA default MBR code
    12:23:40.185 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:23:40.201 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
    12:23:40.232 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595440 MB offset 30800325
    12:23:40.294 Disk 0 scanning C:\Windows\system32\drivers
    12:23:56.329 Service scanning
    12:24:31.324 Modules scanning
    12:24:31.334 Disk 0 trace - called modules:
    12:24:31.354 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys PCTCore64.sys iaStor.sys hal.dll
    12:24:31.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005263060]
    12:24:31.694 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa80050fb960]
    12:24:31.704 5 stdcfltn.sys[fffff88001d87c52] -> nt!IofCallDriver -> [0xfffffa80050fbcf0]
    12:24:31.714 7 PCTCore64.sys[fffff88001334f38] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f81050]
    12:24:33.034 AVAST engine scan C:\Windows
    12:24:36.628 AVAST engine scan C:\Windows\system32
    12:27:23.103 Disk 0 MBR has been saved successfully to "C:\Users\Alex Skittery\Desktop\MBR.dat"
    12:27:23.183 The log file has been saved successfully to "C:\Users\Alex Skittery\Desktop\aswMBR.txt"
    12:29:31.398 AVAST engine scan C:\Windows\system32\drivers
    12:29:52.760 AVAST engine scan C:\Users\Alex Skittery
    12:41:45.631 AVAST engine scan C:\ProgramData
    12:44:27.123 Scan finished successfully
    12:45:11.672 Disk 0 MBR has been saved successfully to "C:\Users\Alex Skittery\Desktop\MBR.dat"
    12:45:11.678 The log file has been saved successfully to "C:\Users\Alex Skittery\Desktop\aswMBR.txt"
     
  20. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Ok I think that is everything you asked for!
     
  21. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

  22. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    Ok so although that screen appeared on my computer once, after restarting it, it seems to have gone now so I am unsure what is going on. I'll wait for you to reply before I do anything I think!
     
  23. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Cool :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  24. Dan James

    Dan James TS Rookie Topic Starter Posts: 80

    ComboFix 12-10-04.02 - Alex Skittery 07/10/2012 18:30:24.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3828.2413 [GMT 1:00]
    Running from: c:\users\Alex Skittery\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\0tbpw.pad
    c:\programdata\lsass.exe
    c:\users\Alex Skittery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    c:\users\Alex Skittery\AppData\Roaming\Roaming
    c:\users\Alex Skittery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#konugani.com\settings.sol
    c:\users\Alex Skittery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-07 17:41 . 2012-10-07 17:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-10-07 17:41 . 2012-10-07 17:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-10-07 17:41 . 2012-10-07 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-06 16:18 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E425E57-3408-4E95-AD79-F21DD8E88E22}\mpengine.dll
    2012-10-05 14:37 . 2012-10-05 14:37 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD3BFA6D-2BD5-4DBA-9CD8-DC7E5A17F553}\gapaengine.dll
    2012-10-05 14:37 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-04 15:48 . 2012-10-04 15:48 208216 ----a-w- c:\windows\system32\drivers\76671082.sys
    2012-09-30 12:17 . 2012-09-30 19:21 -------- d-----w- C:\29588b5f190039290a92
    2012-09-25 08:55 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-09-22 19:02 . 2012-09-22 19:02 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-09-22 19:02 . 2012-10-06 00:56 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-09-17 12:52 . 2012-09-17 12:52 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-12 06:55 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 06:55 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-22 20:04 . 2012-06-16 20:08 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-22 20:04 . 2011-11-29 21:49 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-07 16:04 . 2012-06-16 20:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 21:03 . 2012-03-20 19:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-07-18 17:31 . 2012-08-15 16:50 3146752 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\Alex Skittery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-5-29 562272]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-09-27 169048]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-17 114144]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-05 1255736]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-12 24680]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-11-14 367912]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2011-12-01 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2011-12-01 1096688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-02-24 230952]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-05-29 1301088]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-05-29 681056]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-06-30 2533400]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-16 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-20 287232]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NISDRV
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 20:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-03 6486120]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-03 2120808]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 194.74.65.68 194.74.65.69
    FF - ProfilePath - c:\users\Alex Skittery\AppData\Roaming\Mozilla\Firefox\Profiles\sk4g8nvv.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-07 19:02:41
    ComboFix-quarantined-files.txt 2012-10-07 18:02
    .
    Pre-Run: 455,630,995,456 bytes free
    Post-Run: 458,145,177,600 bytes free
    .
    - - End Of File - - B6F160E3ED78FE998A7B02038E7908E4
     
  25. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good.

    Any current issues?

    ========================

    You're running two AV programs, McAfee and MSE.
    You must uninstall one of them.
    If McAfee, use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    Next...

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
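
The check behind the "two AV programs" remark, as an added example that is not part of the original thread: it parses service/driver and Run-key lines in the log format posted above and groups them by security product. The vendor substrings and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# A few lines copied from the log above, used here as sample input.
SAMPLE_LOG = r'''
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-05-29 1301088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
'''

# Assumption: substrings that attribute an entry to an antivirus product.
VENDOR_MARKERS = {
    "McAfee": ("mcafee",),
    "Microsoft Security Essentials": ("microsoft security client",),
}

# "<R|S><digit> name;description;path [date size]"
SERVICE_RE = re.compile(
    r'^\s*([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d\d-\d\d) (\d+)\]\s*$')
# '"ValueName"="path" [date size]' as listed under a Run key
RUN_RE = re.compile(r'^\s*"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d) (\d+)\]\s*$')

def parse_entries(log):
    """Return (kind, name, description, path) for each recognised line."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append(("service", m.group(3), m.group(4), m.group(5)))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(("run", m.group(1), "", m.group(2)))
    return entries

def security_products(log):
    """Group entries by product, matching on description and path."""
    found = defaultdict(list)
    for kind, name, desc, path in parse_entries(log):
        haystack = f"{desc} {path}".lower()
        for vendor, markers in VENDOR_MARKERS.items():
            if any(marker in haystack for marker in markers):
                found[vendor].append(f"{kind}:{name}")
    return dict(found)

def has_conflict(log):
    """True when entries from more than one listed product are present."""
    return len(security_products(log)) > 1
```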
     

