
Can't get rid of fake "Data Recovery" malware


12 replies to this topic

#1 carnemark


Posted 20 July 2012 - 12:01 PM

Windows 7, 64-bit. I've seen rogue software very similar to this before (S.M.A.R.T. Check, for example) and have always been able to find a working solution after a couple minutes of googling. However, this time I have not been able to find anything that works.

I am able to access the internet without having to go into Safe Mode. All desktop icons and Start menu links have been hidden, and the program launches every time I sign in. In the past when I've encountered a similar situation I was able to remove it with Malwarebytes and then run unhide.exe to restore everything. Malwarebytes has been unable to remove this one, though.

Here is a screenshot of the program:

http://i.imgur.com/6R2gh.png

Edit: Moved topic from Windows 7 Forum to the more appropriate forum
Reason: Not really a Windows 7 Problem
Roger @ 1:21PM

Edited by rotor123, 20 July 2012 - 12:21 PM.




#2 narenxp


Posted 20 July 2012 - 12:43 PM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 carnemark


Posted 20 July 2012 - 01:01 PM

Here is the TDSSKiller log (I'm doing the next one now, will post shortly):


13:59:19.0318 1744 ohci1394 - ok
13:59:19.0396 1744 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:59:19.0411 1744 ose - ok
13:59:19.0567 1744 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:59:19.0630 1744 osppsvc - ok
13:59:19.0739 1744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:59:19.0739 1744 p2pimsvc - ok
13:59:19.0770 1744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:59:19.0770 1744 p2psvc - ok
13:59:19.0801 1744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:59:19.0801 1744 Parport - ok
13:59:19.0817 1744 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:59:19.0817 1744 partmgr - ok
13:59:19.0832 1744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:59:19.0832 1744 PcaSvc - ok
13:59:19.0864 1744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:59:19.0864 1744 pci - ok
13:59:19.0879 1744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:59:19.0879 1744 pciide - ok
13:59:19.0895 1744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:59:19.0895 1744 pcmcia - ok
13:59:19.0910 1744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:59:19.0910 1744 pcw - ok
13:59:19.0926 1744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:59:19.0926 1744 PEAUTH - ok
13:59:19.0973 1744 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:59:20.0004 1744 PeerDistSvc - ok
13:59:20.0051 1744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:59:20.0066 1744 PerfHost - ok
13:59:20.0160 1744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:59:20.0176 1744 pla - ok
13:59:20.0222 1744 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
13:59:20.0222 1744 PlugPlay - ok
13:59:20.0254 1744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:59:20.0254 1744 PNRPAutoReg - ok
13:59:20.0269 1744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:59:20.0269 1744 PNRPsvc - ok
13:59:20.0316 1744 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:59:20.0316 1744 Point64 - ok
13:59:20.0347 1744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:59:20.0363 1744 PolicyAgent - ok
13:59:20.0378 1744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:59:20.0378 1744 Power - ok
13:59:20.0410 1744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:59:20.0410 1744 PptpMiniport - ok
13:59:20.0441 1744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:59:20.0441 1744 Processor - ok
13:59:20.0456 1744 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:59:20.0456 1744 ProfSvc - ok
13:59:20.0488 1744 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:59:20.0488 1744 ProtectedStorage - ok
13:59:20.0519 1744 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:59:20.0519 1744 Psched - ok
13:59:20.0550 1744 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:59:20.0550 1744 PxHlpa64 - ok
13:59:20.0597 1744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:59:20.0628 1744 ql2300 - ok
13:59:20.0722 1744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:59:20.0722 1744 ql40xx - ok
13:59:20.0737 1744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:59:20.0737 1744 QWAVE - ok
13:59:20.0753 1744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:59:20.0753 1744 QWAVEdrv - ok
13:59:20.0753 1744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:59:20.0753 1744 RasAcd - ok
13:59:20.0768 1744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:59:20.0768 1744 RasAgileVpn - ok
13:59:20.0815 1744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:59:20.0815 1744 RasAuto - ok
13:59:20.0846 1744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:59:20.0846 1744 Rasl2tp - ok
13:59:20.0862 1744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:59:20.0862 1744 RasMan - ok
13:59:20.0893 1744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:59:20.0893 1744 RasPppoe - ok
13:59:20.0893 1744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:59:20.0893 1744 RasSstp - ok
13:59:20.0924 1744 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:59:20.0924 1744 rdbss - ok
13:59:20.0940 1744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:59:20.0940 1744 rdpbus - ok
13:59:20.0956 1744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:59:20.0956 1744 RDPCDD - ok
13:59:20.0971 1744 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:59:20.0971 1744 RDPDR - ok
13:59:21.0002 1744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:59:21.0002 1744 RDPENCDD - ok
13:59:21.0002 1744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:59:21.0002 1744 RDPREFMP - ok
13:59:21.0034 1744 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:59:21.0034 1744 RDPWD - ok
13:59:21.0080 1744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:59:21.0080 1744 rdyboost - ok
13:59:21.0112 1744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:59:21.0112 1744 RemoteAccess - ok
13:59:21.0127 1744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:59:21.0127 1744 RemoteRegistry - ok
13:59:21.0143 1744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:59:21.0143 1744 RpcEptMapper - ok
13:59:21.0158 1744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:59:21.0158 1744 RpcLocator - ok
13:59:21.0174 1744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:59:21.0174 1744 RpcSs - ok
13:59:21.0190 1744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:59:21.0205 1744 rspndr - ok
13:59:21.0205 1744 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:59:21.0205 1744 s3cap - ok
13:59:21.0283 1744 Sage.LS1.ServiceHost.1.1 (a30b7977f815edd31f0aa7743e58d32c) C:\Program Files (x86)\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
13:59:21.0283 1744 Sage.LS1.ServiceHost.1.1 - ok
13:59:21.0299 1744 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:59:21.0299 1744 SamSs - ok
13:59:21.0314 1744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:59:21.0314 1744 sbp2port - ok
13:59:21.0330 1744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:59:21.0346 1744 SCardSvr - ok
13:59:21.0377 1744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:59:21.0377 1744 scfilter - ok
13:59:21.0424 1744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:59:21.0439 1744 Schedule - ok
13:59:21.0455 1744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:59:21.0455 1744 SCPolicySvc - ok
13:59:21.0486 1744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:59:21.0486 1744 SDRSVC - ok
13:59:21.0533 1744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:59:21.0533 1744 secdrv - ok
13:59:21.0548 1744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:59:21.0548 1744 seclogon - ok
13:59:21.0564 1744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:59:21.0564 1744 SENS - ok
13:59:21.0580 1744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:59:21.0580 1744 SensrSvc - ok
13:59:21.0595 1744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:59:21.0595 1744 Serenum - ok
13:59:21.0595 1744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:59:21.0595 1744 Serial - ok
13:59:21.0611 1744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:59:21.0611 1744 sermouse - ok
13:59:21.0642 1744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:59:21.0642 1744 SessionEnv - ok
13:59:21.0704 1744 SessionLauncher - ok
13:59:21.0720 1744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:59:21.0720 1744 sffdisk - ok
13:59:21.0720 1744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:59:21.0720 1744 sffp_mmc - ok
13:59:21.0736 1744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:59:21.0736 1744 sffp_sd - ok
13:59:21.0736 1744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:59:21.0736 1744 sfloppy - ok
13:59:21.0798 1744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:59:21.0798 1744 ShellHWDetection - ok
13:59:21.0814 1744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:59:21.0814 1744 SiSRaid2 - ok
13:59:21.0829 1744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:59:21.0829 1744 SiSRaid4 - ok
13:59:21.0845 1744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:59:21.0845 1744 Smb - ok
13:59:21.0860 1744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:59:21.0860 1744 SNMPTRAP - ok
13:59:21.0860 1744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:59:21.0860 1744 spldr - ok
13:59:21.0907 1744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:59:21.0907 1744 Spooler - ok
13:59:22.0001 1744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:59:22.0048 1744 sppsvc - ok
13:59:22.0141 1744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:59:22.0141 1744 sppuinotify - ok
13:59:22.0172 1744 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
13:59:22.0172 1744 srv - ok
13:59:22.0219 1744 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
13:59:22.0219 1744 srv2 - ok
13:59:22.0266 1744 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
13:59:22.0266 1744 srvnet - ok
13:59:22.0297 1744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:59:22.0297 1744 SSDPSRV - ok
13:59:22.0313 1744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:59:22.0313 1744 SstpSvc - ok
13:59:22.0313 1744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:59:22.0328 1744 stexstor - ok
13:59:22.0360 1744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:59:22.0360 1744 stisvc - ok
13:59:22.0391 1744 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:59:22.0391 1744 storflt - ok
13:59:22.0406 1744 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:59:22.0406 1744 StorSvc - ok
13:59:22.0422 1744 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:59:22.0438 1744 storvsc - ok
13:59:22.0438 1744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:59:22.0438 1744 swenum - ok
13:59:22.0469 1744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:59:22.0484 1744 swprv - ok
13:59:22.0547 1744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:59:22.0578 1744 SysMain - ok
13:59:22.0687 1744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:59:22.0687 1744 TabletInputService - ok
13:59:22.0718 1744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:59:22.0718 1744 TapiSrv - ok
13:59:22.0734 1744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:59:22.0734 1744 TBS - ok
13:59:22.0812 1744 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
13:59:22.0812 1744 Tcpip - ok
13:59:22.0968 1744 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
13:59:22.0984 1744 TCPIP6 - ok
13:59:23.0046 1744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:59:23.0046 1744 tcpipreg - ok
13:59:23.0062 1744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:59:23.0062 1744 TDPIPE - ok
13:59:23.0093 1744 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:59:23.0093 1744 TDTCP - ok
13:59:23.0108 1744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:59:23.0108 1744 tdx - ok
13:59:23.0140 1744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:59:23.0140 1744 TermDD - ok
13:59:23.0186 1744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:59:23.0186 1744 TermService - ok
13:59:23.0218 1744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:59:23.0218 1744 Themes - ok
13:59:23.0249 1744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:59:23.0249 1744 THREADORDER - ok
13:59:23.0249 1744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:59:23.0264 1744 TrkWks - ok
13:59:23.0296 1744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:59:23.0311 1744 TrustedInstaller - ok
13:59:23.0327 1744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:59:23.0327 1744 tssecsrv - ok
13:59:23.0389 1744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:59:23.0389 1744 TsUsbFlt - ok
13:59:23.0436 1744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:59:23.0436 1744 tunnel - ok
13:59:23.0467 1744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:59:23.0467 1744 uagp35 - ok
13:59:23.0498 1744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:59:23.0514 1744 udfs - ok
13:59:23.0530 1744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:59:23.0545 1744 UI0Detect - ok
13:59:23.0561 1744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:59:23.0561 1744 uliagpkx - ok
13:59:23.0576 1744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:59:23.0576 1744 umbus - ok
13:59:23.0592 1744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:59:23.0592 1744 UmPass - ok
13:59:23.0623 1744 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:59:23.0623 1744 UmRdpService - ok
13:59:23.0654 1744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:59:23.0654 1744 upnphost - ok
13:59:23.0686 1744 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
13:59:23.0686 1744 USBAAPL64 - ok
13:59:23.0701 1744 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
13:59:23.0701 1744 usbccgp - ok
13:59:23.0717 1744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:59:23.0717 1744 usbcir - ok
13:59:23.0748 1744 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
13:59:23.0748 1744 usbehci - ok
13:59:23.0764 1744 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
13:59:23.0764 1744 usbhub - ok
13:59:23.0779 1744 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:59:23.0779 1744 usbohci - ok
13:59:23.0795 1744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:59:23.0795 1744 usbprint - ok
13:59:23.0810 1744 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:59:23.0810 1744 USBSTOR - ok
13:59:23.0810 1744 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:59:23.0810 1744 usbuhci - ok
13:59:23.0842 1744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:59:23.0842 1744 UxSms - ok
13:59:23.0857 1744 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:59:23.0857 1744 VaultSvc - ok
13:59:23.0873 1744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:59:23.0873 1744 vdrvroot - ok
13:59:23.0920 1744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:59:23.0935 1744 vds - ok
13:59:23.0951 1744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:59:23.0951 1744 vga - ok
13:59:23.0966 1744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:59:23.0966 1744 VgaSave - ok
13:59:23.0982 1744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:59:23.0982 1744 vhdmp - ok
13:59:23.0998 1744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:59:23.0998 1744 viaide - ok
13:59:24.0013 1744 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:59:24.0029 1744 vmbus - ok
13:59:24.0044 1744 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:59:24.0044 1744 VMBusHID - ok
13:59:24.0060 1744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:59:24.0060 1744 volmgr - ok
13:59:24.0091 1744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:59:24.0107 1744 volmgrx - ok
13:59:24.0107 1744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:59:24.0122 1744 volsnap - ok
13:59:24.0138 1744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:59:24.0138 1744 vsmraid - ok
13:59:24.0185 1744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:59:24.0232 1744 VSS - ok
13:59:24.0325 1744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:59:24.0325 1744 vwifibus - ok
13:59:24.0341 1744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:59:24.0341 1744 W32Time - ok
13:59:24.0356 1744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:59:24.0356 1744 WacomPen - ok
13:59:24.0403 1744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:59:24.0403 1744 WANARP - ok
13:59:24.0403 1744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:59:24.0403 1744 Wanarpv6 - ok
13:59:24.0450 1744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:59:24.0481 1744 wbengine - ok
13:59:24.0575 1744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:59:24.0575 1744 WbioSrvc - ok
13:59:24.0622 1744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:59:24.0622 1744 wcncsvc - ok
13:59:24.0637 1744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:59:24.0653 1744 WcsPlugInService - ok
13:59:24.0684 1744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:59:24.0684 1744 Wd - ok
13:59:24.0700 1744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:59:24.0700 1744 Wdf01000 - ok
13:59:24.0715 1744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:59:24.0715 1744 WdiServiceHost - ok
13:59:24.0731 1744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:59:24.0731 1744 WdiSystemHost - ok
13:59:24.0746 1744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:59:24.0746 1744 WebClient - ok
13:59:24.0762 1744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:59:24.0762 1744 Wecsvc - ok
13:59:24.0778 1744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:59:24.0778 1744 wercplsupport - ok
13:59:24.0793 1744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:59:24.0793 1744 WerSvc - ok
13:59:24.0840 1744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:59:24.0840 1744 WfpLwf - ok
13:59:24.0871 1744 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:59:24.0871 1744 WimFltr - ok
13:59:24.0871 1744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:59:24.0871 1744 WIMMount - ok
13:59:24.0887 1744 WinDefend - ok
13:59:24.0902 1744 WinHttpAutoProxySvc - ok
13:59:24.0934 1744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:59:24.0934 1744 Winmgmt - ok
13:59:24.0996 1744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:59:25.0058 1744 WinRM - ok
13:59:25.0199 1744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:59:25.0199 1744 Wlansvc - ok
13:59:25.0246 1744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:59:25.0246 1744 WmiAcpi - ok
13:59:25.0277 1744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:59:25.0292 1744 wmiApSrv - ok
13:59:25.0308 1744 WMPNetworkSvc - ok
13:59:25.0324 1744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:59:25.0324 1744 WPCSvc - ok
13:59:25.0355 1744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:59:25.0355 1744 WPDBusEnum - ok
13:59:25.0370 1744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:59:25.0370 1744 ws2ifsl - ok
13:59:25.0386 1744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:59:25.0386 1744 wscsvc - ok
13:59:25.0386 1744 WSearch - ok
13:59:25.0448 1744 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:59:25.0495 1744 wuauserv - ok
13:59:25.0589 1744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:59:25.0589 1744 WudfPf - ok
13:59:25.0620 1744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:59:25.0620 1744 WUDFRd - ok
13:59:25.0636 1744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:59:25.0636 1744 wudfsvc - ok
13:59:25.0667 1744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:59:25.0667 1744 WwanSvc - ok
13:59:25.0682 1744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:59:25.0714 1744 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:59:25.0714 1744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:59:25.0760 1744 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
13:59:29.0629 1744 \Device\Harddisk1\DR1 - ok
13:59:29.0645 1744 Boot (0x1200) (f41627a015dc8aebd5d5150152d0939f) \Device\Harddisk0\DR0\Partition0
13:59:29.0645 1744 \Device\Harddisk0\DR0\Partition0 - ok
13:59:29.0660 1744 Boot (0x1200) (b4a46105a431862310096b8fb020c993) \Device\Harddisk0\DR0\Partition1
13:59:29.0660 1744 \Device\Harddisk0\DR0\Partition1 - ok
13:59:29.0660 1744 Boot (0x1200) (d869893e795c26905ade6cd22e20b15a) \Device\Harddisk1\DR1\Partition0
13:59:29.0660 1744 \Device\Harddisk1\DR1\Partition0 - ok
13:59:29.0660 1744 ============================================================
13:59:29.0660 1744 Scan finished
13:59:29.0660 1744 ============================================================
13:59:29.0692 1736 Detected object count: 1
13:59:29.0692 1736 Actual detected object count: 1

#4 carnemark

Posted 20 July 2012 - 01:11 PM

aswMBR scan:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 14:03:26
-----------------------------
14:03:26.641 OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:26.641 Number of processors: 4 586 0x403
14:03:26.641 ComputerName: DBP9VPN1 UserName: escopin
14:03:30.338 Initialize success
14:04:36.591 AVAST engine defs: 12072000
14:04:42.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
14:04:42.207 Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 11
14:04:42.207 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
14:04:42.207 Disk 1 Vendor: Size: 476940MB BusType: 0
14:04:42.223 Disk 0 MBR read successfully
14:04:42.223 Disk 0 MBR scan
14:04:42.238 Disk 0 Windows XP default MBR code
14:04:42.238 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:04:42.254 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10842 MB offset 81920
14:04:42.269 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466043 MB offset 22286336
14:04:42.285 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 976744448
14:04:42.285 Disk 0 Partition 4 **INFECTED** MBR:SST [Rtk]
14:04:42.332 Disk 0 scanning C:\Windows\system32\drivers
14:04:50.678 Service scanning
14:05:04.718 Modules scanning
14:05:04.718 Disk 0 trace - called modules:
14:05:04.749 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:05:04.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002bfa410]
14:05:04.765 3 CLASSPNP.SYS[fffff8800170f43f] -> nt!IofCallDriver -> [0xfffffa8002b98450]
14:05:04.765 5 amdxata.sys[fffff880010907a8] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8002a2b060]
14:05:08.805 AVAST engine scan C:\Windows
14:05:10.755 AVAST engine scan C:\Windows\system32
14:07:23.605 AVAST engine scan C:\Windows\system32\drivers
14:07:32.981 AVAST engine scan C:\Users\escopin
14:08:29.921 AVAST engine scan C:\ProgramData
14:08:30.030 File: C:\ProgramData\aAqAilIaqTnpwu.exe **INFECTED** Win32:FakeSysdef-NW [Trj]
14:08:54.397 Scan finished successfully
14:10:57.871 Disk 0 MBR has been saved successfully to "S:\IT\Programs\malwarebytes\MBR.dat"
14:10:57.871 The log file has been saved successfully to "S:\IT\Programs\malwarebytes\aswMBR.txt"
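
The aswMBR log above shows the active flag (80) on a 10 MB hidden NTFS (type 17) partition at the end of Disk 0, which is the entry it marks INFECTED. As an added example (not part of the thread or of any tool named in it), this Python code parses a saved 512-byte MBR such as the MBR.dat written above and flags that layout; the sample sector is constructed from the offsets and sizes in the log, and the function names, heuristics and the 100 MB threshold are assumptions, not a vendor signature.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table starts here in a classic MBR
ENTRY_SIZE = 16
ENTRY_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, sector count
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "hidden" variants of FAT/NTFS ids


def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or boot signature)")
    parts = []
    for index in range(4):
        offset = TABLE_OFFSET + ENTRY_SIZE * index
        status, ptype, start_lba, sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def suspicious_boot_layout(parts, small_mb=100):
    """Heuristic checks (assumptions) on which partition the MBR will boot."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    last_start = max((p["start_lba"] for p in parts), default=0)
    for p in active:
        if p["type"] in HIDDEN_TYPES:
            findings.append(f"slot {p['slot']}: active partition has hidden type 0x{p['type']:02x}")
        if p["size_mb"] < small_mb and p["start_lba"] == last_start and len(parts) > 1:
            findings.append(f"slot {p['slot']}: active partition is only {p['size_mb']} MB "
                            "and sits at the end of the disk")
    return findings


def build_sector(table):
    """Build a test MBR (zeroed boot code) from (status, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for index, entry in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + ENTRY_SIZE * index, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: partition table rebuilt from the aswMBR log lines above.
# Sector counts are derived from the MB sizes the log prints (MB * 2048).
LOG_LAYOUT = [
    (0x00, 0xDE, 63, 39 * 2048),               # Dell Utility, 39 MB
    (0x00, 0x07, 81920, 10842 * 2048),         # NTFS, 10842 MB
    (0x00, 0x07, 22286336, 466043 * 2048),     # NTFS, 466043 MB
    (0x80, 0x17, 976744448, 10 * 2048),        # active, hidden NTFS, 10 MB
]

# Constructed comparison: a plain layout with a 100 MB active boot partition.
CLEAN_LAYOUT = [
    (0x80, 0x07, 2048, 100 * 2048),
    (0x00, 0x07, 206848, 466043 * 2048),
]

if __name__ == "__main__":
    for name, layout in (("log layout", LOG_LAYOUT), ("clean layout", CLEAN_LAYOUT)):
        parts = parse_mbr(build_sector(layout))
        print(name)
        for p in parts:
            flag = "A" if p["active"] else " "
            print(f"  slot {p['slot']} [{flag}] type 0x{p['type']:02x} "
                  f"{p['size_mb']} MB offset {p['start_lba']}")
        for finding in suspicious_boot_layout(parts) or ["no findings"]:
            print("  ->", finding)
```

To check a real dump, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.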

#5 carnemark

Posted 20 July 2012 - 01:48 PM

Eset Online scan:


C:\ProgramData\aAqAilIaqTnpwu.exe a variant of Win32/Kryptik.AIRH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{05ee7b13-8b83-9cb1-e4da-979e035000cd}\U\80000000.@.vir Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Users\ads\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\309fcdc6-1ccd7d4d a variant of Java/TrojanDownloader.Agent.ME trojan cleaned by deleting - quarantined
C:\Windows\Installer\{05ee7b13-8b83-9cb1-e4da-979e035000cd}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined



Now, for all three of these programs I simply scanned and posted the logs. Should I go ahead and fix/quarantine/delete the infections they found?

#6 narenxp

Posted 20 July 2012 - 01:50 PM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.

#7 carnemark

Posted 20 July 2012 - 01:54 PM

I had to run FixTDSS before I was able to run TDSSKiller. It asked for a reboot, once rebooted nothing came up but TDSSKiller would work at that point. I'll run FixTDSS again. When it reboots should I go into safe mode or let it boot normally?

#8 carnemark

Posted 20 July 2012 - 02:03 PM

I ran FixTDSS and upon reboot (normal, not safe mode) it displayed the following dialogue:

Suspicious use of Kernel callback but MBR appears in tact. Repair not done. No infections were found.

#9 narenxp

Posted 20 July 2012 - 02:05 PM

Run TDSSkiller and let me know if you get a pop up like

Can't cure MBR click YES or NO

Click on YES, restart the PC, and post the aswMBR log.

#10 carnemark

Posted 20 July 2012 - 02:15 PM

Ran TDSSKiller, the pop up you mention "Can't cure MBR..." did pop up. I clicked yes and rebooted. I allowed the computer to boot into normal mode. Upon reaching the desktop the rogue software did not launch itself (first time it hasn't come up in normal mode), however, aswMBR will not launch now.

#11 narenxp

Posted 20 July 2012 - 02:22 PM

Run TDSSkiller and let me know if Rootkit.boot.sst is still detected

#12 carnemark

Posted 20 July 2012 - 02:23 PM

TDSSKiller will not launch either.

#13 narenxp

Posted 20 July 2012 - 02:25 PM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



