Something Accessing HD & Internet - CPU 100%!


47 replies to this topic

#1 NHGuy (Members, 117 posts)

Posted 18 January 2012 - 03:44 PM

Hello,

I've been fighting this problem for quite a while but now it has become very bad!

Using Process Explorer, System (PID 4) is now constantly accessing the hard drive for 10+ minutes after turning on.

CPU use is very high during these periods and the laptop freezes.

Problem began a few days ago with Firefox being re-directed on a number of sites.

I don't know what to do next

Please help



#2 cryptodan (Bleepin Madman, Members, 21,868 posts, Catonsville, Md)

Posted 18 January 2012 - 03:45 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 NHGuy (Topic Starter, Members, 117 posts)

Posted 18 January 2012 - 04:54 PM

Hi Cryptodan,

Included is the check log. Also earlier today I ran GMER and a Quick Scan of MBAM. I will include these since I have not changed anything since these scans.

If you require a Full Scan in MBAM it will take 5-6 hours and I will perform it over night. Please let me know how to proceed.

Thank you for your generous efforts.

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (9.0.1)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-18 07:45:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC7DP
Running: rw5cwmwd.exe; Driver: C:\Users\User\AppData\Local\Temp\pwldapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3492] ntdll.dll!DbgBreakPoint 77C3878E 1 Byte [90]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}@nagplcinnbafddhphghdbpeihdfg 0x6B 0x61 0x65 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}@oaapnebjccibdiphimkbeapcmkphil 0x6B 0x61 0x65 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}@pamcgjbbappmdghnjieboepbkljefcfc 0x6B 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}@oagciiffdlnepeniemheimplnpmkkm 0x6B 0x61 0x69 0x6E ...


---- EOF - GMER 1.0.15 ----


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

1/18/2012 7:00:56 AM
mbam-log-2012-01-18 (07-00-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166693
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Regards,

John (NH Guy)
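Added example (editor's addition, not part of this thread and not code from GMER or its author): a small parser for the GMER log format shown in the post above. It splits the log into its "---- <name> - GMER x.y.z ----" sections, parses the "Reg <key>@<value> <hex bytes> ..." registry lines into key, value name and data, renders the leading hex bytes GMER prints as ASCII, and pulls process, PID, symbol, address and patched bytes out of the "User code sections" line. The line shapes it handles are an assumption taken from this one log; the sample input is copied from the log above and trimmed. Nothing here decides whether an entry is malicious; it only turns the log into structured data a helper can triage.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the GMER 1.0.15 log posted above (copied from the thread, trimmed).
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-18 07:45:13

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3492] ntdll.dll!DbgBreakPoint 77C3878E 1 Byte [90]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}@nagplcinnbafddhphghdbpeihdfg 0x6B 0x61 0x65 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}@pamcgjbbappmdghnjieboepbkljefcfc 0x6B 0x61 0x69 0x6E ...

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HEX_BYTE_RE = re.compile(r"0x([0-9A-Fa-f]{2})")
# "<.section> <process path>[<pid>] <module!symbol> <address> <N> Byte(s) [<hex>]"
CODE_HOOK_RE = re.compile(
    r"^(?P<sect>\.\w+) (?P<process>.+?)\[(?P<pid>\d+)\] (?P<symbol>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<count>\d+) Bytes? \[(?P<patch>[^\]]*)\]$"
)


@dataclass
class RegEntry:
    key: str
    value_name: Optional[str]  # None for a bare "Reg <key>" line
    raw_data: str
    decoded_prefix: str        # printable ASCII of the leading 0xHH bytes
    truncated: bool            # GMER ends cut-off data with "..."


def parse_gmer_log(text: str) -> Dict[str, List[str]]:
    """Split a GMER log into its named sections (text before the first header is 'header')."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def decode_hex_prefix(data: str) -> str:
    """Render the 0xHH bytes GMER prints for a value as ASCII ('.' for non-printable)."""
    byte_values = (int(h, 16) for h in HEX_BYTE_RE.findall(data))
    return "".join(chr(b) if 32 <= b < 127 else "." for b in byte_values)


def parse_reg_line(line: str) -> Optional[RegEntry]:
    """'Reg <key>' lists a key; 'Reg <key>@<value> <data>' lists a value.
    Split on the first '@', not on spaces: key paths like 'Shell Extensions' contain spaces."""
    if not line.startswith("Reg "):
        return None
    body = line[len("Reg "):]
    if "@" not in body:
        return RegEntry(body, None, "", "", False)
    key, rest = body.split("@", 1)
    value_name, _, data = rest.partition(" ")
    return RegEntry(key, value_name, data, decode_hex_prefix(data), data.endswith("..."))


def registry_entries(sections: Dict[str, List[str]]) -> List[RegEntry]:
    parsed = (parse_reg_line(l) for l in sections.get("Registry", []))
    return [e for e in parsed if e is not None]


def values_by_key(entries: List[RegEntry]) -> Dict[str, List[str]]:
    """Group value names under the last path component of their key (the CLSID in this log)."""
    grouped: Dict[str, List[str]] = {}
    for e in entries:
        leaf = e.key.rsplit("\\", 1)[-1]
        grouped.setdefault(leaf, [])
        if e.value_name is not None:
            grouped[leaf].append(e.value_name)
    return grouped


def code_hooks(sections: Dict[str, List[str]]) -> List[dict]:
    """Parse 'User code sections' lines: which process has which symbol patched, and with what."""
    hooks = []
    for line in sections.get("User code sections", []):
        m = CODE_HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"], d["count"] = int(d["pid"]), int(d["count"])
            hooks.append(d)
    return hooks


if __name__ == "__main__":
    secs = parse_gmer_log(SAMPLE_LOG)
    for h in code_hooks(secs):
        print(f"hook: pid {h['pid']} {h['symbol']} @ {h['addr']} patched to [{h['patch']}]")
    for e in registry_entries(secs):
        if e.value_name:
            leaf = e.key.rsplit("\\", 1)[-1]
            print(f"{leaf} @{e.value_name}: {e.decoded_prefix!r}{' (truncated)' if e.truncated else ''}")
```

Run it as a script to see the parsed hook and the two registry values with their decoded prefixes; GMER only prints the first few bytes of long values, so `truncated` tells a reviewer that the decoded text is a prefix, not the whole value.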

#4 cryptodan (Bleepin Madman, Members, 21,868 posts, Catonsville, Md)

Posted 18 January 2012 - 04:57 PM

Run complete scans with MBAM and SUPERAntiSpyware.

#5 NHGuy (Topic Starter, Members, 117 posts)

Posted 18 January 2012 - 04:59 PM

Will do and send results by tomorrow morning or sooner.

#6 cryptodan (Bleepin Madman, Members, 21,868 posts, Catonsville, Md)

Posted 18 January 2012 - 05:05 PM

Roger that, and in the meantime remove CCleaner, per:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

#7 NHGuy (Topic Starter, Members, 117 posts)

Posted 18 January 2012 - 05:20 PM

CCleaner ...now gone!

#8 NHGuy (Topic Starter, Members, 117 posts)

Posted 18 January 2012 - 09:00 PM

OK. It took less time than I thought.

Here are the MBAM full scan log and the SUPERAntiSpyware Scan Log.

They didn't find a lot.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

1/18/2012 5:57:31 PM
mbam-log-2012-01-18 (17-57-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342777
Time elapsed: 1 hour(s), 39 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2012 at 08:48 PM

Application Version : 5.0.1142

Core Rules Database Version : 8144
Trace Rules Database Version: 5956

Scan type : Complete Scan
Total Scan Time : 00:51:57

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 614
Memory threats detected : 0
Registry items scanned : 37618
Registry threats detected : 0
File items scanned : 51439
File threats detected : 1

Adware.Tracking Cookie
msnbcmedia.msn.com [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2E5CJCWK ]


I'll wait to hear your analysis
Good luck!

#9 cryptodan (Bleepin Madman, Members, 21,868 posts, Catonsville, Md)

Posted 18 January 2012 - 09:30 PM

Please download and run TDSSKiller, and if it asks you to fix anything, please DO NOT FIX ANYTHING. Click the Report button in the upper right-hand corner of the screen and post the log it creates.

Edited by cryptodan, 18 January 2012 - 09:30 PM.


#10 NHGuy (Topic Starter, Members, 117 posts)

Posted 18 January 2012 - 10:33 PM

It found nothing.

22:11:10.0691 3684 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
22:11:11.0157 3684 ============================================================
22:11:11.0157 3684 Current date / time: 2012/01/18 22:11:11.0157
22:11:11.0157 3684 SystemInfo:
22:11:11.0157 3684
22:11:11.0157 3684 OS Version: 6.0.6002 ServicePack: 2.0
22:11:11.0157 3684 Product type: Workstation
22:11:11.0157 3684 ComputerName: USER-PC
22:11:11.0158 3684 UserName: User
22:11:11.0158 3684 Windows directory: C:\Windows
22:11:11.0158 3684 System windows directory: C:\Windows
22:11:11.0158 3684 Processor architecture: Intel x86
22:11:11.0158 3684 Number of processors: 2
22:11:11.0158 3684 Page size: 0x1000
22:11:11.0158 3684 Boot type: Normal boot
22:11:11.0158 3684 ============================================================
22:11:13.0259 3684 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:11:14.0018 3684 Initialize success
22:11:15.0922 2016 ============================================================
22:11:15.0923 2016 Scan started
22:11:15.0923 2016 Mode: Manual;
22:11:15.0923 2016 ============================================================
22:11:17.0761 2016 a2acc - ok
22:11:18.0037 2016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:11:18.0040 2016 ACPI - ok
22:11:18.0143 2016 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:11:18.0147 2016 adp94xx - ok
22:11:18.0514 2016 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:11:18.0736 2016 adpahci - ok
22:11:19.0225 2016 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:11:19.0226 2016 adpu160m - ok
22:11:19.0668 2016 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:11:19.0672 2016 adpu320 - ok
22:11:19.0846 2016 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:11:19.0849 2016 AFD - ok
22:11:19.0931 2016 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
22:11:19.0952 2016 AgereSoftModem - ok
22:11:20.0097 2016 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:11:20.0098 2016 agp440 - ok
22:11:20.0126 2016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:11:20.0128 2016 aic78xx - ok
22:11:20.0164 2016 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:11:20.0166 2016 aliide - ok
22:11:20.0194 2016 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:11:20.0195 2016 amdagp - ok
22:11:20.0314 2016 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:11:20.0317 2016 amdide - ok
22:11:20.0366 2016 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:11:20.0368 2016 AmdK7 - ok
22:11:20.0400 2016 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:11:20.0401 2016 AmdK8 - ok
22:11:20.0574 2016 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:11:20.0575 2016 arc - ok
22:11:20.0616 2016 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:11:20.0618 2016 arcsas - ok
22:11:20.0667 2016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:11:20.0668 2016 AsyncMac - ok
22:11:20.0785 2016 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:11:20.0786 2016 atapi - ok
22:11:20.0858 2016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:11:20.0859 2016 Beep - ok
22:11:20.0977 2016 blbdrive - ok
22:11:21.0019 2016 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:11:21.0020 2016 bowser - ok
22:11:21.0070 2016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:11:21.0072 2016 BrFiltLo - ok
22:11:21.0103 2016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:11:21.0105 2016 BrFiltUp - ok
22:11:21.0223 2016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:11:21.0225 2016 Brserid - ok
22:11:21.0263 2016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:11:21.0264 2016 BrSerWdm - ok
22:11:21.0305 2016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:11:21.0306 2016 BrUsbMdm - ok
22:11:21.0338 2016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:11:21.0339 2016 BrUsbSer - ok
22:11:21.0480 2016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:11:21.0482 2016 BTHMODEM - ok
22:11:21.0587 2016 catchme - ok
22:11:21.0722 2016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:11:21.0723 2016 cdfs - ok
22:11:21.0778 2016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:11:21.0780 2016 cdrom - ok
22:11:21.0840 2016 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:11:21.0841 2016 circlass - ok
22:11:21.0965 2016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:11:21.0968 2016 CLFS - ok
22:11:22.0038 2016 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:11:22.0040 2016 CmBatt - ok
22:11:22.0085 2016 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:11:22.0086 2016 cmdide - ok
22:11:22.0256 2016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:11:22.0256 2016 Compbatt - ok
22:11:22.0276 2016 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:11:22.0277 2016 crcdisk - ok
22:11:22.0306 2016 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:11:22.0307 2016 Crusoe - ok
22:11:22.0357 2016 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:11:22.0360 2016 DfsC - ok
22:11:22.0477 2016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:11:22.0479 2016 disk - ok
22:11:22.0590 2016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:11:22.0592 2016 drmkaud - ok
22:11:22.0697 2016 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:11:22.0710 2016 DXGKrnl - ok
22:11:22.0800 2016 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:11:22.0802 2016 E1G60 - ok
22:11:22.0924 2016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:11:22.0928 2016 Ecache - ok
22:11:23.0085 2016 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:11:23.0087 2016 ElbyCDIO - ok
22:11:23.0223 2016 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:11:23.0225 2016 elxstor - ok
22:11:23.0319 2016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:11:23.0323 2016 exfat - ok
22:11:23.0397 2016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:11:23.0401 2016 fastfat - ok
22:11:23.0525 2016 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:11:23.0526 2016 fdc - ok
22:11:23.0591 2016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:11:23.0593 2016 FileInfo - ok
22:11:23.0635 2016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:11:23.0637 2016 Filetrace - ok
22:11:23.0660 2016 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:11:23.0660 2016 flpydisk - ok
22:11:23.0788 2016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:11:23.0793 2016 FltMgr - ok
22:11:23.0870 2016 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\Windows\system32\Drivers\FSPFltd.sys
22:11:23.0871 2016 FSProFilter - ok
22:11:23.0991 2016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:11:23.0992 2016 Fs_Rec - ok
22:11:24.0046 2016 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:11:24.0048 2016 FwLnk - ok
22:11:24.0072 2016 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:11:24.0073 2016 gagp30kx - ok
22:11:24.0120 2016 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:11:24.0126 2016 HdAudAddService - ok
22:11:24.0336 2016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:11:24.0349 2016 HDAudBus - ok
22:11:24.0430 2016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:11:24.0432 2016 HidBth - ok
22:11:24.0483 2016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:11:24.0484 2016 HidIr - ok
22:11:24.0582 2016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:11:24.0583 2016 HidUsb - ok
22:11:24.0658 2016 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:11:24.0659 2016 HpCISSs - ok
22:11:24.0729 2016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:11:24.0738 2016 HTTP - ok
22:11:24.0801 2016 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:11:24.0803 2016 i2omp - ok
22:11:24.0917 2016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:11:24.0919 2016 i8042prt - ok
22:11:25.0051 2016 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:11:25.0070 2016 ialm - ok
22:11:25.0245 2016 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:11:25.0247 2016 iaStorV - ok
22:11:25.0384 2016 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:11:25.0407 2016 igfx - ok
22:11:25.0516 2016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:11:25.0517 2016 iirsp - ok
22:11:40.0398 2016 ============================================================
22:11:40.0398 2016 Scan finished
22:11:40.0398 2016 ============================================================
22:11:40.0412 2332 Detected object count: 0
22:11:40.0412 2332 Actual detected object count: 0
22:25:57.0631 3832 Deinitialize success


Hope this helps.

John

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:36 AM

Posted 18 January 2012 - 10:43 PM

Process Explorer - Taking a Screenshot of Process Explorer.



Table of Contents
  • Introduction
  • Getting and Running Process Explorer
  • Taking screenshot of Process Explorer with some example screenshots.
  • Conclusion

1) Introduction to Process Explorer

Process Explorer is a lot like Task Manager, which is the program you access via the following keys on your keyboard: "CTRL+ALT+DELETE". Task Manager is used to display process information such as the process name, memory usage and other application information. However, the information that Task Manager displays is rather limited compared to what Process Explorer can show you. With Process Explorer one can see the entire process tree for a particular application, which consists of all other processes that were started by the original process, or parent, in the tree.

Process Explorer has many different uses such as examining what processes are active and what processes are making connections to outside computers. In this guide I will demonstrate the kinds of information one can glean from using Process Explorer as opposed to using Task Manager.

2) Getting and Running Process Explorer

Getting Process Explorer is easy just use the below link:

Download Process Explorer

This is a completely free tool that is easy to run. You do not have to install anything, as it is just an executable program that runs on various Windows operating systems. Process Explorer is only available for Windows XP, Windows Vista, Windows 7, Windows 2003, and Windows 2008 (including their IA 64bit Counterparts).

Opening and running Process Explorer is quite easy:

After downloading the zipped file, you will need to unzip it in order to use it. You will have to remember where you downloaded the file and where it is saved. For example, I have a folder called Downloads on my other drive. I have Firefox and Internet Explorer set to save files to that location. You will want to consult the following images on where to locate the download folder for Firefox and Internet Explorer.


1) Firefox Default Download Location:

Posted Image


You can get to that window via Tools then Options, and you will want to look at the General Tab.



2) Internet Explorer will use the last location that you saved a file to. For example, for me it is on my other drive as seen in my screenshot. You can either choose Open, Save, or Cancel. Open will automatically open the file after it is downloaded. Save will save the file to a location for later use if you want to use it again, and cancel just cancels the download from happening. I would recommend that you save it for future use. It is a very useful tool.

Posted Image



Now that we have noted where we saved it to after downloading it, we need to extract it. You can use your favorite unzipping tool such as WinRAR, WinZIP, 7zip, or you can use what comes with Windows XP and later called Compressed Folders.

After locating the file ProcessExplorer.zip, you will want to do the following:

The easiest way is to just double click it and read the on screen instructions for how to extract/unzip it. I am going to use Windows Compressed Folders for ease of use since everyone has that already.

1) Right click the file.

Posted Image



2) Select Extract All and the following Window will come up:

Posted Image


At this point you can extract the needed files anywhere on your computer, but I am going to pick D:\downloads\ProcessExplorer for the destination. Just hit Posted Image, and we are almost done. Upon successful extraction the following image will be seen.


3) Final Process of extracting Process Explorer from the Zipped file.

Posted Image


Now all you do to run Process Explorer is to double click the file called: procexp.exe and you are now ready to use Process Explorer.


3) Taking screenshot of Process Explorer with some example screenshots.

When asked to take a snapshot you can either use alt+prt scn, which is located above the home, end, page up, page down, and delete keys, and open your favorite photo editor such as The GIMP which is a free image editing program, MSPaint which is installed by default on most systems, Paint.NET which is also free, and many others that are available. Then go to Edit and hit Paste, and then to File and Save As filename.jpg or something easy to remember. After you do this, head on over to a free image hosting website such as ImageShack.us, Photobucket.com, and many others (those are just the most popular). If you have a custom site that you run, then you can use that storage and web space to host your images (keep in mind your limits on bandwidth).

Now that you have taken the screenshots and have hosted them on your web space, you can post them to a new topic, or to a current one that you have started, by doing the following:

[img]linktoyourimagehere[/img]

Some of the images that may be of use are as follows:

1) Process Explorer Main

Posted Image


You will notice along the top various column headers such as Process, PID, CPU, Company Name, User Name, Path, and Image Type. These are all used in verifying what a process is doing, how much time it is taking up, who the process is being run as, and the process path (which can be used to determine a legitimate process).


2) Here is a graphical representation of the colors that you will see in the main window. Of course, as you can see, you can change the colors for the main window.

Posted Image



3) The below image is what you get when you mouse over a particular process, and the result is the ability for you to see what is running under that said process or service. This is extremely useful when seeing what svchosts are actually doing:

Posted Image



4) The below is an image for a particular process's properties which will tell us what is running under the said properties. You will notice the various tabs in the screenshot. Each tab tells you something that that process is doing such as what ports the process is being used to communicate to the computer and other processes. You can do this by right clicking on a process and selecting processes.

Posted Image



4) Conclusion

Why would you want to take a screenshot of Process Explorer?

The below output is very disorganized, and is produced when you save a text based representation of Process Explorer. A graphical representation of Process Explorer, and the processes that are active would show us more accurately as to what is running without having to spend too much time on analyzing a file that is humanly unreadable.

Process	PID	CPU	Description	Company Name	User Name	Path	Image Type
aim.exe	4412		AOL Instant Messenger	America Online, Inc.	alphacentari\cryptodan	C:\Program Files (x86)\AIM\aim.exe	32-bit
AOLacsd.exe	1396		AOL Connectivity Service	AOL LLC	NT AUTHORITY\SYSTEM	C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe	32-bit
audiodg.exe	1208	0.39	Windows Audio Device Graph Isolation 	Microsoft Corporation	NT AUTHORITY\LOCAL SERVICE	C:\Windows\System32\audiodg.exe	n/a
csrss.exe	648		Client Server Runtime Process	Microsoft Corporation	NT AUTHORITY\SYSTEM	C:\Windows\System32\csrss.exe	64-bit
csrss.exe	716		Client Server Runtime Process	Microsoft Corporation	NT AUTHORITY\SYSTEM	C:\Windows\System32\csrss.exe	64-bit
dllhost.exe	1508		COM Surrogate	Microsoft Corporation	NT AUTHORITY\SYSTEM	C:\Windows\System32\dllhost.exe	64-bit
DPCs	n/a	1.16	Deferred Procedure Calls				64-bit

As you can see, a screenshot of Process Explorer is much easier to read than the text-based output that a File and Save As produces.

If you want to see the actual file then visit the following link: http://www.cryptodan.net/txt/Procexp.txt (Process Explorer Text Based Capture)
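The text export shown above is hard to read by eye but easy to parse, because it is tab-separated with a header row. Below is an added Python example, not part of this thread or of Sysinternals' own tooling, that parses that layout from a constructed sample and picks out the rows a helper would want to see expanded in a screenshot: the busiest processes and any process whose Path or Company Name does not fit its name. The trusted-root and System32-only rules are assumptions of the example, meant as triage hints rather than proof of anything.

```python
"""Parse the tab-separated text that Process Explorer's File > Save As
produces and pull out the rows a responder would look at first.
Added example; not part of the thread or of Sysinternals."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the same layout the post shows (header row, then
# one tab-separated row per process); not a real capture from the thread.
# Process Explorer indents child processes in the Process column, so one
# row carries leading spaces to show that the parser tolerates it.
SAMPLE_EXPORT = (
    "Process\tPID\tCPU\tDescription\tCompany Name\tUser Name\tPath\tImage Type\n"
    "csrss.exe\t648\t\tClient Server Runtime Process\tMicrosoft Corporation"
    "\tNT AUTHORITY\\SYSTEM\tC:\\Windows\\System32\\csrss.exe\t64-bit\n"
    "svchost.exe\t912\t0.78\tHost Process for Windows Services\tMicrosoft Corporation"
    "\tNT AUTHORITY\\SYSTEM\tC:\\Windows\\System32\\svchost.exe\t64-bit\n"
    "  svchost.exe\t3120\t41.20\t\t\talphacentari\\user"
    "\tC:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe\t32-bit\n"
    "DPCs\tn/a\t1.16\tDeferred Procedure Calls\t\t\t\t64-bit\n"
    "firefox.exe\t2288\t3.05\tFirefox\tMozilla Corporation\talphacentari\\user"
    "\tC:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\t32-bit\n"
)


@dataclass
class ProcRow:
    process: str
    pid: Optional[int]      # None for pseudo-processes such as DPCs ("n/a")
    cpu: float              # a blank CPU column means 0.0
    company: str
    user: str
    path: str
    image_type: str


def parse_procexp_export(text: str) -> List[ProcRow]:
    """Split the export on tabs, using the header row to locate each column."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [h.strip() for h in lines[0].split("\t")]
    index: Dict[str, int] = {name: i for i, name in enumerate(header)}
    rows: List[ProcRow] = []
    for line in lines[1:]:
        cols = line.split("\t")
        cols += [""] * (len(header) - len(cols))   # tolerate trailing blanks

        def col(name: str) -> str:
            return cols[index[name]].strip()      # strip tree indentation too

        pid_text, cpu_text = col("PID"), col("CPU")
        rows.append(ProcRow(
            process=col("Process"),
            pid=int(pid_text) if pid_text.isdigit() else None,
            cpu=float(cpu_text) if cpu_text else 0.0,
            company=col("Company Name"),
            user=col("User Name"),
            path=col("Path"),
            image_type=col("Image Type"),
        ))
    return rows


# Assumed rules for the example: images Windows itself starts only from
# System32, and the directories most legitimate software lives under.
SYSTEM32_ONLY = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "wininit.exe"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")


def triage(rows: List[ProcRow]) -> List[Tuple[Optional[int], str]]:
    """Return (pid, reason) for rows worth expanding in Process Explorer."""
    findings: List[Tuple[Optional[int], str]] = []
    for r in rows:
        if not r.path:                 # DPCs, Interrupts, System Idle Process
            continue
        low = r.path.lower()
        if r.process.lower() in SYSTEM32_ONLY and \
                not low.startswith("c:\\windows\\system32\\"):
            findings.append((r.pid, f"{r.process} loaded from {r.path}, not System32"))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((r.pid, f"{r.process} runs from non-standard location {r.path}"))
        if not r.company:
            findings.append((r.pid, f"{r.process} has no Company Name (unknown vendor)"))
    return findings


def top_cpu(rows: List[ProcRow], n: int = 3) -> List[Tuple[str, Optional[int], float]]:
    """The n busiest processes, which is what the helper asked to see expanded."""
    ranked = sorted(rows, key=lambda r: r.cpu, reverse=True)
    return [(r.process, r.pid, r.cpu) for r in ranked[:n]]


if __name__ == "__main__":
    parsed = parse_procexp_export(SAMPLE_EXPORT)
    for pid, reason in triage(parsed):
        print(f"PID {pid}: {reason}")
    print("Top CPU:", top_cpu(parsed))
```

Running it on a real export (File > Save As in Process Explorer) gives the same two lists, which is a quicker starting point than reading the whole file and tells you which process tree to screenshot.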

#12 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 18 January 2012 - 10:54 PM

Hi,

I am very familiar with process explorer.

Exactly what screen, and at what time, do you want me to capture?

#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:36 AM

Posted 18 January 2012 - 11:21 PM

When you notice the high CPU usage.

#14 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 18 January 2012 - 11:59 PM

Here are some screen shots at various times from 1 minutes after startup to almost 10 minutes out.

I used the Process Explorer for some and the Task Manager Resource screen to illustrate the high and prolonged disk usage.


http://profile.imageshack.us/user/NHGuy/

#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:36 AM

Posted 19 January 2012 - 12:39 AM

Expand the svchost.exe process that is taking up the highest cpu time.



