
Alureon.FP detected by MSE but cannot get rid of it


This topic is locked
42 replies to this topic

#1 TommyC11 (Members, 20 posts)

Posted 01 May 2012 - 06:46 PM

Good afternoon,
I am running Windows 7 Home Premium and my laptop is a DELL Latitude E5400. I try hard to run MALWARE Anti-Malware routinely but I think something has slipped by me (and probably my children) since my MSE now detects several threats over and over. This actually started last week when Internet Explorer (used by the kids) would begin popping up phantom sites and never get you to where you wanted to go. I ran MW quick scan and it found nothing. I tried to ensure my Windows Firewall was still on but it said my settings are not the recommended settings. When I try to change them, it says "Windows Firewall cannot change some of your settings. Error code 0x80070424".

I tried to let MSE run a full scan and it found the threats listed as "Trojan:Win32/Alureon.FP", "Trojan.Win64/Sirefef.Y", "Trojan.Win64/Sirefef.W", "Trojan.Win64/Sirefef.U", "Trojan.Win64/Sirefef.W" and "Trojan.Win64/Sirefef.B".

Once detected and cleaned, it asks me to reboot to finish the process but I cannot perform a complete reboot. Once it starts to reboot, it cannot do a startup and the system recovery comes up and attempts repairs. Since the repairs cannot be made by Windows, I am forced to restore from a previous recovery point. This has happened three times over the last few days and now I am afraid to reboot at all.

I have read through some of your forums and am sure I have some of the same symptoms but need some help getting "clean".

Thanks in advance for your help... Tom


#2 boopme (Global Moderator, 73,428 posts, NJ USA)

Posted 01 May 2012 - 08:14 PM

Hello, please do these and see how it goes.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware [image] and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
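A triage helper for the TDSSKiller report requested in the steps above, added here as an illustration; it is not part of TDSSKiller and not part of the advice given in this thread. It parses the two object line shapes the report uses (`<name> (<md5>) <path>` and `<name> - <verdict>`) and flags two things an analyst checks by hand when reading such a log: the same MD5 appearing under two different file paths, and any verdict other than `ok`. The sample report embedded in the block is constructed for the example: it borrows a handful of lines from the log posted later in this thread and adds one invented object, `exmpl`, whose verdict string is a placeholder so that the second check has something to find.

```python
"""Triage helper for a TDSSKiller report (added example, not TDSSKiller code)."""
import re
from collections import defaultdict

# The two object line shapes TDSSKiller writes, as seen in the posted report:
#   HH:MM:SS.ffff PID <name> (<md5>) <path>
#   HH:MM:SS.ffff PID <name> - <verdict>
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample: a few lines copied from the report in this thread plus one
# invented object ("exmpl") whose verdict string is a placeholder, so both checks
# below have something to find. The "Drive ... - Size" line precedes "Scan started"
# and must not be mistaken for a verdict line.
SAMPLE_REPORT = r"""
06:34:36.0230 1676 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
06:34:55.0949 1700 Scan started
06:34:56.0448 1700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:34:56.0463 1700 1394ohci - ok
06:34:58.0367 1700 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:34:58.0382 1700 AudioEndpointBuilder - ok
06:34:58.0382 1700 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:34:58.0398 1700 AudioSrv - ok
06:35:01.0019 1700 COMSysApp - ok
06:35:08.0070 1700 jmhkguki (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\jmhkguki.sys
06:35:08.0070 1700 jmhkguki - ok
06:35:09.0489 1700 lemsfcqc (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\lemsfcqc.sys
06:35:09.0489 1700 lemsfcqc - ok
06:35:10.0000 1700 exmpl (00000000000000000000000000000000) C:\Windows\system32\drivers\exmpl.sys
06:35:10.0000 1700 exmpl - suspicious (placeholder verdict for this example)
"""


def parse_report(text):
    """Map each scanned object name to its md5, path and verdict.

    Lines before the "Scan started" marker are header and disk information
    and are skipped, because they can contain " - " without being a verdict.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "Scan started" in line:
            lines = lines[i + 1:]
            break
    objects = defaultdict(dict)
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            objects[m["name"]].update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            objects[m["name"]]["verdict"] = m["verdict"].strip()
    return dict(objects)


def shared_hashes(objects):
    """MD5 values that back more than one *distinct* file path.

    Several services loading the same file (AudioSrv/AudioEndpointBuilder,
    EFS/KeyIso in the posted log) is normal and is not reported. Two
    differently named files with byte-identical content is the case that
    deserves a second look.
    """
    by_md5 = defaultdict(set)
    for name, obj in objects.items():
        if "md5" in obj:
            by_md5[obj["md5"]].add((name, obj["path"]))
    return {md5: sorted(hits) for md5, hits in by_md5.items()
            if len({path.lower() for _, path in hits}) > 1}


def non_ok(objects):
    """Objects whose verdict is anything other than 'ok' (or is missing)."""
    return {name: obj.get("verdict", "<no verdict line>")
            for name, obj in objects.items()
            if obj.get("verdict") != "ok"}


def triage(text):
    """Run both checks over a report and return the findings."""
    objects = parse_report(text)
    return {"objects": len(objects),
            "shared_hashes": shared_hashes(objects),
            "non_ok": non_ok(objects)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['objects']} objects parsed")
    for md5, hits in result["shared_hashes"].items():
        print(f"same MD5 {md5} under different paths:")
        for name, path in hits:
            print(f"    {name:<20} {path}")
    for name, verdict in result["non_ok"].items():
        print(f"non-ok verdict: {name} - {verdict}")
```

Run it as `python triage_tdss.py` against the embedded sample, or swap `SAMPLE_REPORT` for the contents of a real `TDSSKiller.*_log.txt`. A shared hash under two different driver names is only a lead, not a verdict: confirm the files by submitting the hash to a multi-engine scanner or by inspecting the drivers' signatures before deciding anything.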

#3 TommyC11 (Topic Starter, Members, 20 posts)

Posted 02 May 2012 - 05:39 AM

Output from TDSSKiller; the utility did not ask for a reboot... (thankfully, since I cannot recover from it)


06:34:34.0639 1676 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
06:34:34.0951 1676 ============================================================
06:34:34.0951 1676 Current date / time: 2012/05/02 06:34:34.0951
06:34:34.0951 1676 SystemInfo:
06:34:34.0951 1676
06:34:34.0951 1676 OS Version: 6.1.7601 ServicePack: 1.0
06:34:34.0951 1676 Product type: Workstation
06:34:34.0951 1676 ComputerName: TOM-LAPTOP
06:34:34.0951 1676 UserName: Tom
06:34:34.0951 1676 Windows directory: C:\Windows
06:34:34.0951 1676 System windows directory: C:\Windows
06:34:34.0951 1676 Running under WOW64
06:34:34.0951 1676 Processor architecture: Intel x64
06:34:34.0951 1676 Number of processors: 1
06:34:34.0951 1676 Page size: 0x1000
06:34:34.0951 1676 Boot type: Normal boot
06:34:34.0951 1676 ============================================================
06:34:36.0230 1676 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:34:36.0230 1676 ============================================================
06:34:36.0230 1676 \Device\Harddisk0\DR0:
06:34:36.0230 1676 MBR partitions:
06:34:36.0230 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:34:36.0230 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
06:34:36.0230 1676 ============================================================
06:34:36.0277 1676 C: <-> \Device\Harddisk0\DR0\Partition1
06:34:36.0339 1676 ============================================================
06:34:36.0339 1676 Initialize success
06:34:36.0339 1676 ============================================================
06:34:55.0949 1700 ============================================================
06:34:55.0949 1700 Scan started
06:34:55.0949 1700 Mode: Manual; TDLFS;
06:34:55.0949 1700 ============================================================
06:34:56.0448 1700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:34:56.0463 1700 1394ohci - ok
06:34:56.0495 1700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:34:56.0495 1700 ACPI - ok
06:34:56.0541 1700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:34:56.0541 1700 AcpiPmi - ok
06:34:56.0713 1700 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:34:56.0713 1700 AdobeARMservice - ok
06:34:56.0869 1700 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:34:56.0885 1700 AdobeFlashPlayerUpdateSvc - ok
06:34:56.0978 1700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
06:34:56.0978 1700 adp94xx - ok
06:34:57.0056 1700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
06:34:57.0072 1700 adpahci - ok
06:34:57.0103 1700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
06:34:57.0134 1700 adpu320 - ok
06:34:57.0181 1700 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
06:34:57.0197 1700 AeLookupSvc - ok
06:34:57.0243 1700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
06:34:57.0243 1700 AFD - ok
06:34:57.0290 1700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:34:57.0290 1700 agp440 - ok
06:34:57.0337 1700 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
06:34:57.0337 1700 ALG - ok
06:34:57.0353 1700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:34:57.0353 1700 aliide - ok
06:34:57.0368 1700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:34:57.0368 1700 amdide - ok
06:34:57.0384 1700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
06:34:57.0384 1700 AmdK8 - ok
06:34:57.0399 1700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
06:34:57.0399 1700 AmdPPM - ok
06:34:57.0431 1700 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
06:34:57.0431 1700 amdsata - ok
06:34:57.0446 1700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
06:34:57.0462 1700 amdsbs - ok
06:34:57.0462 1700 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
06:34:57.0462 1700 amdxata - ok
06:34:57.0509 1700 ApfiltrService (ab25bbac4daab97473e9afe7c90db299) C:\Windows\system32\DRIVERS\Apfiltr.sys
06:34:57.0509 1700 ApfiltrService - ok
06:34:57.0602 1700 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
06:34:57.0602 1700 AppHostSvc - ok
06:34:57.0696 1700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:34:57.0696 1700 AppID - ok
06:34:57.0727 1700 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
06:34:57.0727 1700 AppIDSvc - ok
06:34:57.0789 1700 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
06:34:57.0789 1700 Appinfo - ok
06:34:57.0961 1700 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:34:57.0961 1700 Apple Mobile Device - ok
06:34:58.0008 1700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
06:34:58.0023 1700 arc - ok
06:34:58.0039 1700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
06:34:58.0039 1700 arcsas - ok
06:34:58.0195 1700 aspnet_state (1838f16e9ce03b993fc500703b711dab) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
06:34:58.0195 1700 aspnet_state - ok
06:34:58.0242 1700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:34:58.0242 1700 AsyncMac - ok
06:34:58.0289 1700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:34:58.0289 1700 atapi - ok
06:34:58.0367 1700 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:34:58.0382 1700 AudioEndpointBuilder - ok
06:34:58.0382 1700 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:34:58.0398 1700 AudioSrv - ok
06:34:58.0460 1700 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
06:34:58.0460 1700 AxInstSV - ok
06:34:58.0538 1700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
06:34:58.0554 1700 b06bdrv - ok
06:34:58.0647 1700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:34:58.0647 1700 b57nd60a - ok
06:34:58.0819 1700 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
06:34:58.0881 1700 BCM43XX - ok
06:34:59.0022 1700 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
06:34:59.0022 1700 BDESVC - ok
06:34:59.0115 1700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:34:59.0115 1700 Beep - ok
06:34:59.0209 1700 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
06:34:59.0225 1700 BITS - ok
06:34:59.0287 1700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:34:59.0287 1700 blbdrive - ok
06:34:59.0427 1700 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
06:34:59.0427 1700 Bonjour Service - ok
06:34:59.0505 1700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:34:59.0505 1700 bowser - ok
06:34:59.0505 1700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:34:59.0505 1700 BrFiltLo - ok
06:34:59.0521 1700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:34:59.0521 1700 BrFiltUp - ok
06:34:59.0583 1700 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
06:34:59.0583 1700 Browser - ok
06:34:59.0599 1700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:34:59.0599 1700 Brserid - ok
06:34:59.0615 1700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:34:59.0615 1700 BrSerWdm - ok
06:34:59.0630 1700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:34:59.0630 1700 BrUsbMdm - ok
06:34:59.0646 1700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:34:59.0646 1700 BrUsbSer - ok
06:34:59.0708 1700 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
06:34:59.0708 1700 BthEnum - ok
06:34:59.0724 1700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
06:34:59.0724 1700 BTHMODEM - ok
06:34:59.0771 1700 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
06:34:59.0771 1700 BthPan - ok
06:34:59.0849 1700 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
06:34:59.0864 1700 BTHPORT - ok
06:34:59.0895 1700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
06:34:59.0895 1700 bthserv - ok
06:34:59.0927 1700 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
06:34:59.0927 1700 BTHUSB - ok
06:35:00.0005 1700 cbfs3 (b9f9b339e3996a28a37b55b1c74e1d66) C:\Windows\system32\drivers\cbfs3.sys
06:35:00.0005 1700 cbfs3 - ok
06:35:00.0051 1700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:35:00.0067 1700 cdfs - ok
06:35:00.0145 1700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
06:35:00.0145 1700 cdrom - ok
06:35:00.0207 1700 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
06:35:00.0207 1700 CertPropSvc - ok
06:35:00.0285 1700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
06:35:00.0285 1700 circlass - ok
06:35:00.0348 1700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:35:00.0348 1700 CLFS - ok
06:35:00.0457 1700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:35:00.0457 1700 clr_optimization_v2.0.50727_32 - ok
06:35:00.0535 1700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:35:00.0535 1700 clr_optimization_v2.0.50727_64 - ok
06:35:00.0644 1700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:35:00.0644 1700 clr_optimization_v4.0.30319_32 - ok
06:35:00.0722 1700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:35:00.0722 1700 clr_optimization_v4.0.30319_64 - ok
06:35:00.0800 1700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:35:00.0800 1700 CmBatt - ok
06:35:00.0831 1700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:35:00.0831 1700 cmdide - ok
06:35:00.0878 1700 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
06:35:00.0894 1700 CNG - ok
06:35:00.0925 1700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:35:00.0925 1700 Compbatt - ok
06:35:01.0003 1700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:35:01.0003 1700 CompositeBus - ok
06:35:01.0019 1700 COMSysApp - ok
06:35:01.0034 1700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:35:01.0034 1700 crcdisk - ok
06:35:01.0128 1700 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
06:35:01.0128 1700 CryptSvc - ok
06:35:01.0143 1700 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
06:35:01.0159 1700 CVirtA - ok
06:35:01.0346 1700 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
06:35:01.0393 1700 CVPND - ok
06:35:01.0611 1700 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
06:35:01.0611 1700 CVPNDRVA - ok
06:35:01.0721 1700 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
06:35:01.0721 1700 DcomLaunch - ok
06:35:01.0783 1700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
06:35:01.0799 1700 defragsvc - ok
06:35:01.0861 1700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:35:01.0861 1700 DfsC - ok
06:35:01.0939 1700 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
06:35:01.0955 1700 Dhcp - ok
06:35:01.0986 1700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:35:01.0986 1700 discache - ok
06:35:02.0033 1700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:35:02.0033 1700 Disk - ok
06:35:02.0095 1700 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
06:35:02.0111 1700 DNE - ok
06:35:02.0204 1700 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
06:35:02.0204 1700 Dnscache - ok
06:35:02.0267 1700 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
06:35:02.0282 1700 dot3svc - ok
06:35:02.0345 1700 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
06:35:02.0345 1700 DPS - ok
06:35:02.0391 1700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:35:02.0391 1700 drmkaud - ok
06:35:02.0438 1700 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
06:35:02.0438 1700 dsNcAdpt - ok
06:35:02.0610 1700 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
06:35:02.0672 1700 dsNcService - ok
06:35:02.0781 1700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:35:02.0813 1700 DXGKrnl - ok
06:35:02.0844 1700 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
06:35:02.0844 1700 EapHost - ok
06:35:03.0047 1700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:35:03.0125 1700 ebdrv - ok
06:35:03.0265 1700 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
06:35:03.0281 1700 EFS - ok
06:35:03.0390 1700 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
06:35:03.0405 1700 ehRecvr - ok
06:35:03.0452 1700 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
06:35:03.0452 1700 ehSched - ok
06:35:03.0561 1700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:35:03.0577 1700 elxstor - ok
06:35:03.0624 1700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:35:03.0624 1700 ErrDev - ok
06:35:03.0686 1700 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
06:35:03.0702 1700 EventSystem - ok
06:35:03.0749 1700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:35:03.0749 1700 exfat - ok
06:35:03.0780 1700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:35:03.0795 1700 fastfat - ok
06:35:03.0889 1700 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
06:35:03.0905 1700 Fax - ok
06:35:03.0951 1700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:35:03.0951 1700 fdc - ok
06:35:03.0983 1700 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
06:35:03.0998 1700 fdPHost - ok
06:35:03.0998 1700 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
06:35:04.0014 1700 FDResPub - ok
06:35:04.0029 1700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:35:04.0029 1700 FileInfo - ok
06:35:04.0045 1700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:35:04.0045 1700 Filetrace - ok
06:35:04.0217 1700 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:35:04.0232 1700 FLEXnet Licensing Service - ok
06:35:04.0263 1700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:35:04.0263 1700 flpydisk - ok
06:35:04.0310 1700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:35:04.0326 1700 FltMgr - ok
06:35:04.0419 1700 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
06:35:04.0466 1700 FontCache - ok
06:35:04.0622 1700 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:35:04.0638 1700 FontCache3.0.0.0 - ok
06:35:04.0716 1700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:35:04.0731 1700 FsDepends - ok
06:35:04.0763 1700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
06:35:04.0763 1700 Fs_Rec - ok
06:35:04.0856 1700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:35:04.0856 1700 fvevol - ok
06:35:04.0903 1700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:35:04.0903 1700 gagp30kx - ok
06:35:04.0919 1700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:35:04.0919 1700 GEARAspiWDM - ok
06:35:05.0012 1700 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
06:35:05.0028 1700 gpsvc - ok
06:35:05.0184 1700 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:35:05.0184 1700 gupdate - ok
06:35:05.0215 1700 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:35:05.0215 1700 gupdatem - ok
06:35:05.0246 1700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:35:05.0246 1700 hcw85cir - ok
06:35:05.0340 1700 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:35:05.0355 1700 HdAudAddService - ok
06:35:05.0402 1700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:35:05.0402 1700 HDAudBus - ok
06:35:05.0418 1700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:35:05.0418 1700 HidBatt - ok
06:35:05.0480 1700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:35:05.0480 1700 HidBth - ok
06:35:05.0496 1700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:35:05.0496 1700 HidIr - ok
06:35:05.0543 1700 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
06:35:05.0543 1700 hidserv - ok
06:35:05.0589 1700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
06:35:05.0589 1700 HidUsb - ok
06:35:05.0636 1700 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
06:35:05.0636 1700 hkmsvc - ok
06:35:05.0699 1700 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
06:35:05.0699 1700 HomeGroupListener - ok
06:35:05.0777 1700 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
06:35:05.0777 1700 HomeGroupProvider - ok
06:35:05.0839 1700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:35:05.0839 1700 HpSAMD - ok
06:35:05.0948 1700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:35:05.0948 1700 HTTP - ok
06:35:06.0011 1700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:35:06.0011 1700 hwpolicy - ok
06:35:06.0057 1700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
06:35:06.0057 1700 i8042prt - ok
06:35:06.0120 1700 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
06:35:06.0120 1700 iaStorV - ok
06:35:06.0307 1700 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:35:06.0307 1700 idsvc - ok
06:35:06.0759 1700 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:35:07.0040 1700 igfx - ok
06:35:07.0196 1700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:35:07.0196 1700 iirsp - ok
06:35:07.0274 1700 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
06:35:07.0274 1700 IISADMIN - ok
06:35:07.0383 1700 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
06:35:07.0383 1700 IKEEXT - ok
06:35:07.0430 1700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:35:07.0430 1700 intelide - ok
06:35:07.0477 1700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:35:07.0477 1700 intelppm - ok
06:35:07.0524 1700 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
06:35:07.0524 1700 IPBusEnum - ok
06:35:07.0571 1700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:35:07.0571 1700 IpFilterDriver - ok
06:35:07.0586 1700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:35:07.0586 1700 IPMIDRV - ok
06:35:07.0649 1700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:35:07.0649 1700 IPNAT - ok
06:35:26.0977 1700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
06:35:26.0977 1700 WIMMount - ok
06:35:26.0993 1700 WinHttpAutoProxySvc - ok
06:35:27.0071 1700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
06:35:27.0086 1700 Winmgmt - ok
06:35:27.0273 1700 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
06:35:27.0336 1700 WinRM - ok
06:35:27.0539 1700 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
06:35:27.0539 1700 WinUsb - ok
06:35:27.0617 1700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
06:35:27.0632 1700 Wlansvc - ok
06:35:27.0898 1700 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:35:27.0976 1700 wlidsvc - ok
06:35:28.0148 1700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
06:35:28.0148 1700 WmiAcpi - ok
06:35:28.0226 1700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
06:35:28.0226 1700 wmiApSrv - ok
06:35:28.0288 1700 WMPNetworkSvc - ok
06:35:28.0320 1700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
06:35:28.0320 1700 WPCSvc - ok
06:35:28.0366 1700 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
06:35:28.0366 1700 WPDBusEnum - ok
06:35:28.0413 1700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
06:35:28.0413 1700 ws2ifsl - ok
06:35:28.0476 1700 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
06:35:28.0476 1700 WSDPrintDevice - ok
06:35:28.0491 1700 WSearch - ok
06:35:28.0647 1700 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
06:35:28.0726 1700 wuauserv - ok
06:35:28.0913 1700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
06:35:28.0913 1700 WudfPf - ok
06:35:28.0976 1700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:35:28.0976 1700 WUDFRd - ok
06:35:29.0038 1700 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
06:35:29.0038 1700 wudfsvc - ok
06:35:29.0085 1700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
06:35:29.0101 1700 WwanSvc - ok
06:35:29.0179 1700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:35:29.0319 1700 \Device\Harddisk0\DR0 - ok
06:35:29.0335 1700 Boot (0x1200) (845515c0828ff20efe7c41b9dd4fc6d4) \Device\Harddisk0\DR0\Partition0
06:35:29.0335 1700 \Device\Harddisk0\DR0\Partition0 - ok
06:35:29.0366 1700 Boot (0x1200) (5e6f895f367cbccae4756c78479d7ea9) \Device\Harddisk0\DR0\Partition1
06:35:29.0366 1700 \Device\Harddisk0\DR0\Partition1 - ok
06:35:29.0381 1700 ============================================================
06:35:29.0381 1700 Scan finished
06:35:29.0381 1700 ============================================================
06:35:29.0428 2884 Detected object count: 1
06:35:29.0428 2884 Actual detected object count: 1
06:35:40.0630 2884 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:35:40.0630 2884 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


*******************************************************************************************

#4 TommyC11 (Topic Starter, Members, 20 posts)
Posted 02 May 2012 - 07:05 AM

I will have the ESET scan results posted shortly; it is taking much longer than I thought. As I read the MW instructions, you ask me to do the reboot if the results dictate it. In my initial post I noted that I have done reboots based on MSE and MW scans telling me to. The issue is that the machine will not restart properly after I ask it to reboot. I am forced into doing a System Restore from a point in my system of a week ago, and that is the only means of recovering the startup.

Are you sure that you want me to perform the reboot when asked? I fear that all this work will be lost and we will be right back at square one.

Please advise... and thanks for your help... Tom

#5 boopme (Global Moderator, 73,428 posts, NJ USA)
Posted 02 May 2012 - 10:11 AM

Ok, let's see what they say, and DO NOT reboot. Problem is that the reboots are what clean the malware from the Registry. Let's see the logs... Perhaps we will move you if needed to see why you cannot reboot, as that in itself is a real problem. Normal rebooting flushes the RAM.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 TommyC11 (Topic Starter, Members, 20 posts)
Posted 02 May 2012 - 11:20 AM

boopme... here are the results from the ESET scan. I DID NOT reboot yet as directed. I am now going to proceed with the MW step as directed.

C:\Users\Tom\AppData\Local\Temp\jar_cache1893619820743594189.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\Tom\AppData\Local\Temp\jar_cache441114741555314326.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\Tom\AppData\Local\Temp\jar_cache4806386780422399114.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\596ddf9a-2c35afc4 a variant of Java/Exploit.Agent.NBE trojan deleted - quarantined
C:\Windows\assembly\temp\U\80000000.@ Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.$ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000064.$ Win64/Sirefef.AC trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000064.@ Win64/Sirefef.AC trojan cleaned by deleting - quarantined
C:\Windows\system64\emu10k.dll Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#7 narenxp (BC Advisor, 16,371 posts, India)
Posted 02 May 2012 - 11:30 AM

Once detected and cleaned, it asks me to reboot to finish the process but I cannot perform a complete reboot. Once it starts to reboot, it cannot do a startup and the system recovery comes up and attempts repairs.

Actually, MSE deletes a rootkit file called consrv.dll in the C:\windows\system32 folder. The rootkit edits an important registry key,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

to make consrv.dll load at boot up. Now when MSE deletes the file, the registry path becomes invalid, which is causing the system to become unbootable.

Edited by narenxp, 02 May 2012 - 11:30 AM.
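
What narenxp describes is a dangling dependency: the "Windows" value under that SubSystems key is the command line csrss.exe is started with, and its ServerDll= tokens name the server DLLs csrss loads. The rootkit swaps the console server entry to consrv, and deleting consrv.dll without repairing the value leaves csrss referencing a file that no longer exists. The script below is an added example, not code from this thread or from any tool named in it (MSE, ESET, aswMBR, ERUNT). It parses the value, flags ServerDll modules outside the default set, and, when given a file-existence check, flags a referenced module whose DLL is gone. The default module set and the clean sample value are my assumptions about Windows 7 SP1 x64, written from memory and to be confirmed against a clean machine of the same build; both sample values are constructed.

```python
"""Audit the CSRSS SubSystems\\Windows value for a hijacked ServerDll entry.

Added example; not code from the thread or from MSE, ESET, aswMBR or ERUNT.
Assumptions (mine): the value is the space-separated token string csrss.exe
is launched with, and the ServerDll modules shipped with Windows 7 are
basesrv, winsrv and sxssrv.  Both sample values below are constructed.
"""
import os
import re

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}  # assumed Win7 defaults

# Constructed: the value as I recall it on a clean Windows 7 SP1 x64 install.
# Verify against a known-clean machine of the same build before relying on it.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed: the same value after the edit narenxp describes, so that
# csrss loads consrv.dll instead of winsrv.dll for the console server.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# ServerDll=<module>[:<init function>],<index>
_SERVER_DLL = re.compile(r"^ServerDll=([^:,]+)(?::([^,]+))?,(\d+)$")


def parse_server_dlls(value):
    """Return [(module, init_function_or_None, index)] in the order listed."""
    entries = []
    for token in value.split():
        m = _SERVER_DLL.match(token)
        if m:
            entries.append((m.group(1).lower(), m.group(2), int(m.group(3))))
    return entries


def audit_subsystems_value(value, file_exists=None):
    """Return findings for one SubSystems\\Windows value; [] means it looks clean.

    file_exists(module) -> bool, if given, checks that <module>.dll is really
    on disk.  A ServerDll that is referenced but missing is exactly the state
    left behind when an AV deletes consrv.dll without repairing the key, and
    csrss (hence the whole session) fails to start on the next boot.
    """
    findings = []
    for module, init, index in parse_server_dlls(value):
        if module not in KNOWN_SERVER_DLLS:
            findings.append(
                f"unexpected ServerDll '{module}' (init={init}, index={index}); "
                "consrv is the module name the ZeroAccess/Sirefef family used here"
            )
        if file_exists is not None and not file_exists(module):
            findings.append(
                f"ServerDll '{module}' is referenced but {module}.dll is missing; "
                "csrss will fail to start and the session will not come up"
            )
    return findings


def read_live_value():
    """Read the real value on Windows; return None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


def system32_dll_exists(module):
    """True if <module>.dll is present in %SystemRoot%\\system32."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.exists(os.path.join(root, "system32", module + ".dll"))


if __name__ == "__main__":
    live = read_live_value()
    if live is None:
        # Off-Windows demo: simulate the thread's state, consrv.dll deleted by
        # the AV but the key still pointing at it.
        findings = audit_subsystems_value(HIJACKED_VALUE, lambda m: m != "consrv")
    else:
        findings = audit_subsystems_value(live, system32_dll_exists)
    print("\n".join(findings) or "SubSystems\\Windows looks clean")
```

On a Windows host the script reads the live value through winreg and checks the DLLs in system32; elsewhere it runs against the constructed samples. It is read-only and never writes the key, so it is safe to run before deciding whether a replacement .reg needs to be imported, and again afterwards to confirm every ServerDll now resolves to a file that exists.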


#8 TommyC11 (Topic Starter, Members, 20 posts)
Posted 02 May 2012 - 01:38 PM

boopme... here are the results from the Malware scan... there were no threats detected....

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tom :: TOM-LAPTOP [administrator]

5/2/2012 2:31:35 PM
mbam-log-2012-05-02 (14-31-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259250
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 boopme (Global Moderator, 73,428 posts, NJ USA)
Posted 02 May 2012 - 08:16 PM

narenxp, do you want them to replace a registry file?

#10 narenxp (BC Advisor, 16,371 posts, India)
Posted 02 May 2012 - 09:26 PM

Boopme

Replacing the registry key may work, but we could still have infections on the PC. Running aswMBR would allow us to get an idea.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 02 May 2012 - 09:26 PM.


#11 boopme (Global Moderator, 73,428 posts, NJ USA)
Posted 02 May 2012 - 09:41 PM

Ok cool, I was asking as I was not sure.

#12 TommyC11 (Topic Starter, Members, 20 posts)
Posted 03 May 2012 - 05:55 AM

boopme and narenxp... thanks again for your help. I have posted the results of the ASWMBR scan.... see below

Tommy C



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 06:02:53
-----------------------------
06:02:53.505 OS Version: Windows x64 6.1.7601 Service Pack 1
06:02:53.505 Number of processors: 1 586 0x170A
06:02:53.506 ComputerName: TOM-LAPTOP UserName: Tom
06:02:54.157 Initialize success
06:07:09.919 AVAST engine defs: 12050300
06:07:30.879 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:07:30.882 Disk 0 Vendor: WDC_WD1600BEVT-75A23T0 01.01A01 Size: 152627MB BusType: 11
06:07:30.916 Disk 0 MBR read successfully
06:07:30.919 Disk 0 MBR scan
06:07:30.950 Disk 0 Windows 7 default MBR code
06:07:30.987 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:07:31.023 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
06:07:31.126 Disk 0 scanning C:\Windows\system32\drivers
06:07:44.745 Service scanning
06:08:21.792 Modules scanning
06:08:21.801 Disk 0 trace - called modules:
06:08:21.815 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80021432c0]<<sppk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
06:08:21.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027c0690]
06:08:21.828 3 CLASSPNP.SYS[fffff88001b7143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80025f1680]
06:08:21.836 \Driver\atapi[0xfffffa80021f9e70] -> IRP_MJ_CREATE -> 0xfffffa80021432c0
06:08:24.145 AVAST engine scan C:\Windows
06:08:26.025 AVAST engine scan C:\Windows\system32
06:08:49.773 File: C:\Windows\system32\emu10k.dll **INFECTED** Win64:ZAccess-E [Rtk]
06:10:59.267 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
06:11:04.257 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
06:12:48.030 File: C:\Windows\assembly\temp\U\80000032.$ **INFECTED** Win32:DNSChanger-VJ [Trj]
06:12:48.092 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
06:12:48.139 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
06:12:50.572 AVAST engine scan C:\Windows\system32\drivers
06:13:28.746 AVAST engine scan C:\Users\Tom
06:49:26.524 AVAST engine scan C:\ProgramData
06:51:59.077 Scan finished successfully
06:52:41.598 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
06:52:41.598 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

#13 narenxp (BC Advisor, 16,371 posts, India)
Posted 03 May 2012 - 06:07 AM

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt

Download

http://www.filedropper.com/winsrv

Launch the winsrv.reg file and click YES

Restart the PC and run aswmbr again and post the new log

#14 TommyC11 (Topic Starter, Members, 20 posts)
Posted 03 May 2012 - 06:24 AM

narenxp... I assume that you have read my symptoms and know that my machine has not had the ability to reboot for a week now due to the infections. I just want to make sure that these processes will help restore that reboot ability, and that your instructions are clear that is what I am to do...

Thanks for the quick reply... Tommy C

#15 narenxp (BC Advisor, 16,371 posts, India)
Posted 03 May 2012 - 06:30 AM

go ahead :thumbup2:

Edited by narenxp, 03 May 2012 - 06:30 AM.




