Browser redirect/Probable infection


3 replies to this topic

#1 FormerAgentOfDeath

Posted 07 August 2012 - 08:06 AM

I am using a Dell OptiPlex 390 (Core i5-2400 CPU) with 8GB RAM. I am running Windows 7 Professional (64-bit) with the latest patches applied. A couple of weeks ago I started getting lots of popups while browsing (using IE 9.0.8112.16421). I am also having problems accessing some secure websites (I get the following error message: “The site's security certificate is signed using a weak signature algorithm”). Occasionally, I’ll get the message – “mcconsole.exe – Ordinal Not Found The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll”. I am also getting random browser redirections. I'm pretty sure I am infected with something. I had Malwarebytes installed (free version) so I updated and did a scan, but it did not detect anything. I also ran TDSSKiller, but again, it did not detect anything. I have not taken any further action.


#2 narenxp

Posted 07 August 2012 - 08:08 AM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 FormerAgentOfDeath

Posted 07 August 2012 - 09:43 AM

Thanks for the quick response. I followed your instructions. Here are the logs you requested...

TDSSKiller Log –
09:45:35.0619 4744 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:45:35.0883 4744 ============================================================
09:45:35.0883 4744 Current date / time: 2012/08/07 09:45:35.0883
09:45:35.0883 4744 SystemInfo:
09:45:35.0883 4744
09:45:35.0883 4744 OS Version: 6.1.7601 ServicePack: 1.0
09:45:35.0883 4744 Product type: Workstation
09:45:35.0884 4744 ComputerName: RBURNS
09:45:35.0884 4744 UserName: rburns
09:45:35.0884 4744 Windows directory: C:\Windows
09:45:35.0884 4744 System windows directory: C:\Windows
09:45:35.0884 4744 Running under WOW64
09:45:35.0884 4744 Processor architecture: Intel x64
09:45:35.0884 4744 Number of processors: 4
09:45:35.0884 4744 Page size: 0x1000
09:45:35.0884 4744 Boot type: Normal boot
09:45:35.0884 4744 ============================================================
09:45:36.0897 4744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:45:36.0901 4744 ============================================================
09:45:36.0901 4744 \Device\Harddisk0\DR0:
09:45:36.0901 4744 MBR partitions:
09:45:36.0901 4744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B47000
09:45:36.0901 4744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B5B000, BlocksNum 0x3882A800
09:45:36.0901 4744 ============================================================
09:45:36.0927 4744 C: <-> \Device\Harddisk0\DR0\Partition1
09:45:36.0928 4744 ============================================================
09:45:36.0928 4744 Initialize success
09:45:36.0928 4744 ============================================================
09:46:00.0037 10728 ============================================================
09:46:00.0037 10728 Scan started
09:46:00.0037 10728 Mode: Manual; TDLFS;
09:46:00.0037 10728 ============================================================
09:46:10.0843 10728 netvsc - ok
09:46:10.0869 10728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:46:10.0874 10728 nfrd960 - ok
09:46:10.0914 10728 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:46:10.0934 10728 NlaSvc - ok
09:46:10.0948 10728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:46:10.0949 10728 Npfs - ok
09:46:10.0964 10728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:46:10.0968 10728 nsi - ok
09:46:10.0982 10728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:46:10.0986 10728 nsiproxy - ok
09:46:11.0070 10728 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:46:11.0092 10728 Ntfs - ok
09:46:11.0172 10728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:46:11.0177 10728 Null - ok
09:46:11.0213 10728 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:46:11.0220 10728 nvraid - ok
09:46:11.0236 10728 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:46:11.0243 10728 nvstor - ok
09:46:11.0278 10728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:46:11.0284 10728 nv_agp - ok
09:46:11.0300 10728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:46:11.0305 10728 ohci1394 - ok
09:46:11.0383 10728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:46:11.0390 10728 ose - ok
09:46:11.0589 10728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:46:11.0687 10728 osppsvc - ok
09:46:11.0787 10728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:46:11.0797 10728 p2pimsvc - ok
09:46:11.0830 10728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:46:11.0848 10728 p2psvc - ok
09:46:11.0892 10728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:46:11.0897 10728 Parport - ok
09:46:11.0930 10728 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:46:11.0932 10728 partmgr - ok
09:46:11.0950 10728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:46:11.0963 10728 PcaSvc - ok
09:46:11.0999 10728 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:46:12.0001 10728 pci - ok
09:46:12.0024 10728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:46:12.0024 10728 pciide - ok
09:46:12.0050 10728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:46:12.0054 10728 pcmcia - ok
09:46:12.0066 10728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:46:12.0067 10728 pcw - ok
09:46:12.0095 10728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:46:12.0108 10728 PEAUTH - ok
09:46:12.0186 10728 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:46:12.0208 10728 PeerDistSvc - ok
09:46:12.0262 10728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:46:12.0267 10728 PerfHost - ok
09:46:12.0389 10728 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:46:12.0414 10728 pla - ok
09:46:12.0459 10728 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:46:12.0478 10728 PlugPlay - ok
09:46:12.0489 10728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:46:12.0494 10728 PNRPAutoReg - ok
09:46:12.0520 10728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:46:12.0524 10728 PNRPsvc - ok
09:46:12.0562 10728 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:46:12.0578 10728 PolicyAgent - ok
09:46:12.0626 10728 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
09:46:12.0633 10728 Power - ok
09:46:12.0692 10728 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:46:12.0697 10728 PptpMiniport - ok
09:46:12.0712 10728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:46:12.0717 10728 Processor - ok
09:46:12.0759 10728 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:46:12.0771 10728 ProfSvc - ok
09:46:12.0790 10728 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:46:12.0792 10728 ProtectedStorage - ok
09:46:12.0809 10728 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:46:12.0815 10728 Psched - ok
09:46:12.0866 10728 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:46:12.0867 10728 PxHlpa64 - ok
09:46:12.0959 10728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:46:13.0010 10728 ql2300 - ok
09:46:13.0095 10728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:46:13.0099 10728 ql40xx - ok
09:46:13.0125 10728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:46:13.0136 10728 QWAVE - ok
09:46:13.0146 10728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:46:13.0151 10728 QWAVEdrv - ok
09:46:13.0160 10728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:46:13.0164 10728 RasAcd - ok
09:46:13.0198 10728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:46:13.0203 10728 RasAgileVpn - ok
09:46:13.0220 10728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:46:13.0226 10728 RasAuto - ok
09:46:13.0241 10728 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:46:13.0245 10728 Rasl2tp - ok
09:46:13.0283 10728 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:46:13.0302 10728 RasMan - ok
09:46:13.0315 10728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:46:13.0320 10728 RasPppoe - ok
09:46:13.0463 10728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:46:13.0468 10728 RasSstp - ok
09:46:13.0495 10728 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:46:13.0497 10728 rdbss - ok
09:46:13.0511 10728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:46:13.0516 10728 rdpbus - ok
09:46:13.0524 10728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:46:13.0528 10728 RDPCDD - ok
09:46:13.0571 10728 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:46:13.0578 10728 RDPDR - ok
09:46:13.0585 10728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:46:13.0589 10728 RDPENCDD - ok
09:46:13.0601 10728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:46:13.0605 10728 RDPREFMP - ok
09:46:13.0646 10728 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
09:46:13.0659 10728 RDPWD - ok
09:46:13.0708 10728 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:46:13.0710 10728 rdyboost - ok
09:46:13.0737 10728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:46:13.0743 10728 RemoteAccess - ok
09:46:13.0769 10728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:46:13.0776 10728 RemoteRegistry - ok
09:46:13.0916 10728 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
09:46:13.0945 10728 RoxMediaDB12OEM - ok
09:46:13.0979 10728 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
09:46:13.0995 10728 RoxWatch12 - ok
09:46:14.0079 10728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:46:14.0082 10728 RpcEptMapper - ok
09:46:14.0108 10728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:46:14.0110 10728 RpcLocator - ok
09:46:14.0141 10728 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:46:14.0144 10728 RpcSs - ok
09:46:14.0189 10728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:46:14.0195 10728 rspndr - ok
09:46:14.0238 10728 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:46:14.0257 10728 RTL8167 - ok
09:46:14.0280 10728 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:46:14.0285 10728 s3cap - ok
09:46:14.0307 10728 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:46:14.0308 10728 SamSs - ok
09:46:14.0325 10728 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:46:14.0331 10728 sbp2port - ok
09:46:14.0366 10728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:46:14.0379 10728 SCardSvr - ok
09:46:14.0409 10728 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:46:14.0414 10728 scfilter - ok
09:46:14.0471 10728 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:46:14.0481 10728 Schedule - ok
09:46:14.0509 10728 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:46:14.0510 10728 SCPolicySvc - ok
09:46:14.0523 10728 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:46:14.0530 10728 SDRSVC - ok
09:46:14.0571 10728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:46:14.0576 10728 secdrv - ok
09:46:14.0589 10728 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:46:14.0594 10728 seclogon - ok
09:46:14.0623 10728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:46:14.0625 10728 SENS - ok
09:46:14.0632 10728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:46:14.0637 10728 SensrSvc - ok
09:46:14.0680 10728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:46:14.0684 10728 Serenum - ok
09:46:14.0710 10728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:46:14.0715 10728 Serial - ok
09:46:14.0737 10728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
09:46:14.0741 10728 sermouse - ok
09:46:14.0767 10728 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:46:14.0773 10728 SessionEnv - ok
09:46:14.0790 10728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:46:14.0794 10728 sffdisk - ok
09:46:14.0800 10728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:46:14.0804 10728 sffp_mmc - ok
09:46:14.0811 10728 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:46:14.0815 10728 sffp_sd - ok
09:46:14.0825 10728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
09:46:14.0829 10728 sfloppy - ok
09:46:14.0860 10728 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:46:14.0880 10728 ShellHWDetection - ok
09:46:14.0892 10728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
09:46:14.0896 10728 SiSRaid2 - ok
09:46:14.0914 10728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
09:46:14.0920 10728 SiSRaid4 - ok
09:46:14.0953 10728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:46:14.0959 10728 Smb - ok
09:46:14.0991 10728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:46:14.0996 10728 SNMPTRAP - ok
09:46:15.0003 10728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:46:15.0004 10728 spldr - ok
09:46:15.0037 10728 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:46:15.0050 10728 Spooler - ok
09:46:15.0152 10728 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:46:15.0240 10728 sppsvc - ok
09:46:15.0320 10728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:46:15.0325 10728 sppuinotify - ok
09:46:15.0377 10728 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:46:15.0381 10728 srv - ok
09:46:15.0412 10728 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:46:15.0416 10728 srv2 - ok
09:46:15.0439 10728 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:46:15.0441 10728 srvnet - ok
09:46:15.0480 10728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:46:15.0493 10728 SSDPSRV - ok
09:46:15.0510 10728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:46:15.0515 10728 SstpSvc - ok
09:46:15.0532 10728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
09:46:15.0536 10728 stexstor - ok
09:46:15.0573 10728 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:46:15.0601 10728 stisvc - ok
09:46:15.0678 10728 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
09:46:15.0690 10728 stllssvr - ok
09:46:15.0712 10728 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:46:15.0717 10728 StorSvc - ok
09:46:15.0748 10728 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:46:15.0753 10728 storvsc - ok
09:46:15.0766 10728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:46:15.0770 10728 swenum - ok
09:46:15.0820 10728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:46:15.0825 10728 swprv - ok
09:46:15.0835 10728 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
09:46:15.0839 10728 SynthVid - ok
09:46:15.0918 10728 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:46:15.0962 10728 SysMain - ok
09:46:16.0033 10728 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:46:16.0036 10728 TabletInputService - ok
09:46:16.0057 10728 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:46:16.0066 10728 TapiSrv - ok
09:46:16.0092 10728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:46:16.0094 10728 TBS - ok
09:46:16.0200 10728 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:46:16.0225 10728 Tcpip - ok
09:46:16.0379 10728 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:46:16.0386 10728 TCPIP6 - ok
09:46:16.0446 10728 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:46:16.0450 10728 tcpipreg - ok
09:46:16.0468 10728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:46:16.0472 10728 TDPIPE - ok
09:46:16.0500 10728 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:46:16.0505 10728 TDTCP - ok
09:46:16.0522 10728 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:46:16.0528 10728 tdx - ok
09:46:16.0559 10728 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
09:46:16.0564 10728 TermDD - ok
09:46:16.0615 10728 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:46:16.0622 10728 TermService - ok
09:46:16.0633 10728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:46:16.0638 10728 Themes - ok
09:46:16.0665 10728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:46:16.0667 10728 THREADORDER - ok
09:46:16.0698 10728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:46:16.0705 10728 TrkWks - ok
09:46:16.0755 10728 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:46:16.0764 10728 TrustedInstaller - ok
09:46:16.0795 10728 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:46:16.0800 10728 tssecsrv - ok
09:46:16.0829 10728 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:46:16.0835 10728 TsUsbFlt - ok
09:46:16.0846 10728 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
09:46:16.0851 10728 TsUsbGD - ok
09:46:16.0898 10728 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:46:16.0904 10728 tunnel - ok
09:46:16.0921 10728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
09:46:16.0926 10728 uagp35 - ok
09:46:16.0954 10728 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:46:16.0973 10728 udfs - ok
09:46:17.0003 10728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:46:17.0008 10728 UI0Detect - ok
09:46:17.0033 10728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:46:17.0036 10728 uliagpkx - ok
09:46:17.0056 10728 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
09:46:17.0059 10728 umbus - ok
09:46:17.0067 10728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
09:46:17.0070 10728 UmPass - ok
09:46:17.0104 10728 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
09:46:17.0105 10728 UmRdpService - ok
09:46:17.0269 10728 UNS (f7a1f83f28b125aa3737bc06eabb0cd5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:46:17.0331 10728 UNS - ok
09:46:17.0427 10728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:46:17.0446 10728 upnphost - ok
09:46:17.0493 10728 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
09:46:17.0499 10728 usbccgp - ok
09:46:17.0519 10728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:46:17.0525 10728 usbcir - ok
09:46:17.0539 10728 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:46:17.0544 10728 usbehci - ok
09:46:17.0582 10728 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
09:46:17.0606 10728 usbhub - ok
09:46:17.0648 10728 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:46:17.0653 10728 usbohci - ok
09:46:17.0663 10728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
09:46:17.0668 10728 usbprint - ok
09:46:17.0685 10728 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:46:17.0690 10728 USBSTOR - ok
09:46:17.0710 10728 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:46:17.0714 10728 usbuhci - ok
09:46:17.0751 10728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:46:17.0756 10728 UxSms - ok
09:46:17.0782 10728 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:46:17.0783 10728 VaultSvc - ok
09:46:17.0807 10728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:46:17.0808 10728 vdrvroot - ok
09:46:17.0844 10728 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:46:17.0868 10728 vds - ok
09:46:17.0884 10728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:46:17.0888 10728 vga - ok
09:46:17.0904 10728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:46:17.0908 10728 VgaSave - ok
09:46:17.0935 10728 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:46:17.0949 10728 vhdmp - ok
09:46:17.0962 10728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:46:17.0966 10728 viaide - ok
09:46:17.0989 10728 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:46:17.0993 10728 VMBusHID - ok
09:46:18.0016 10728 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:46:18.0017 10728 volmgr - ok
09:46:18.0044 10728 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:46:18.0046 10728 volmgrx - ok
09:46:18.0067 10728 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:46:18.0068 10728 volsnap - ok
09:46:18.0090 10728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
09:46:18.0094 10728 vsmraid - ok
09:46:18.0181 10728 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:46:18.0204 10728 VSS - ok
09:46:18.0285 10728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
09:46:18.0289 10728 vwifibus - ok
09:46:18.0321 10728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:46:18.0325 10728 W32Time - ok
09:46:18.0338 10728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
09:46:18.0343 10728 WacomPen - ok
09:46:18.0373 10728 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:18.0379 10728 WANARP - ok
09:46:18.0383 10728 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:18.0384 10728 Wanarpv6 - ok
09:46:18.0461 10728 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:46:18.0502 10728 WatAdminSvc - ok
09:46:18.0576 10728 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:46:18.0635 10728 wbengine - ok
09:46:18.0710 10728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:46:18.0722 10728 WbioSrvc - ok
09:46:18.0753 10728 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:46:18.0772 10728 wcncsvc - ok
09:46:18.0787 10728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:46:18.0792 10728 WcsPlugInService - ok
09:46:18.0822 10728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
09:46:18.0826 10728 Wd - ok
09:46:18.0864 10728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:46:18.0869 10728 Wdf01000 - ok
09:46:18.0887 10728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:46:18.0892 10728 WdiServiceHost - ok
09:46:18.0897 10728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:46:18.0899 10728 WdiSystemHost - ok
09:46:18.0920 10728 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:46:18.0932 10728 WebClient - ok
09:46:18.0952 10728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:46:18.0963 10728 Wecsvc - ok
09:46:18.0982 10728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:46:18.0988 10728 wercplsupport - ok
09:46:19.0018 10728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:46:19.0019 10728 WerSvc - ok
09:46:19.0067 10728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:46:19.0070 10728 WfpLwf - ok
09:46:19.0084 10728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:46:19.0087 10728 WIMMount - ok
09:46:19.0092 10728 WinHttpAutoProxySvc - ok
09:46:19.0147 10728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:46:19.0159 10728 Winmgmt - ok
09:46:19.0257 10728 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:46:19.0316 10728 WinRM - ok
09:46:19.0443 10728 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:46:19.0448 10728 WinUsb - ok
09:46:19.0511 10728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:46:19.0537 10728 Wlansvc - ok
09:46:19.0604 10728 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:46:19.0609 10728 wlcrasvc - ok
09:46:19.0736 10728 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:46:19.0797 10728 wlidsvc - ok
09:46:19.0903 10728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:46:19.0907 10728 WmiAcpi - ok
09:46:19.0973 10728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:46:19.0986 10728 wmiApSrv - ok
09:46:20.0021 10728 WMPNetworkSvc - ok
09:46:20.0050 10728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:46:20.0052 10728 WPCSvc - ok
09:46:20.0068 10728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:46:20.0071 10728 WPDBusEnum - ok
09:46:20.0079 10728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:46:20.0082 10728 ws2ifsl - ok
09:46:20.0084 10728 WSearch - ok
09:46:20.0099 10728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:46:20.0102 10728 WudfPf - ok
09:46:20.0137 10728 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:46:20.0141 10728 WUDFRd - ok
09:46:20.0150 10728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:46:20.0154 10728 wudfsvc - ok
09:46:20.0177 10728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:46:20.0187 10728 WwanSvc - ok
09:46:20.0219 10728 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:46:20.0477 10728 \Device\Harddisk0\DR0 - ok
09:46:20.0481 10728 Boot (0x1200) (a6e20c18d3107d616252dedfae8e08d8) \Device\Harddisk0\DR0\Partition0
09:46:20.0483 10728 \Device\Harddisk0\DR0\Partition0 - ok
09:46:20.0513 10728 Boot (0x1200) (fc98bb9b8978082cfec966be138a5b05) \Device\Harddisk0\DR0\Partition1
09:46:20.0515 10728 \Device\Harddisk0\DR0\Partition1 - ok
09:46:20.0516 10728 ============================================================
09:46:20.0516 10728 Scan finished
09:46:20.0516 10728 ============================================================
09:46:20.0533 5716 Detected object count: 0
09:46:20.0534 5716 Actual detected object count: 0


aswMBR Log –
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 09:49:22
-----------------------------
09:49:22.858 OS Version: Windows x64 6.1.7601 Service Pack 1
09:49:22.858 Number of processors: 4 586 0x2A07
09:49:22.859 ComputerName: RBURNS UserName: rburns
09:49:25.634 Initialize success
09:50:06.847 AVAST engine defs: 12080700
09:50:31.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:50:31.430 Disk 0 Vendor: WDC_WD5000AAKX-753CA1 19.01H19 Size: 476940MB BusType: 3
09:50:31.445 Disk 0 MBR read successfully
09:50:31.447 Disk 0 MBR scan
09:50:31.452 Disk 0 Windows VISTA default MBR code
09:50:31.454 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
09:50:31.464 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13966 MB offset 81920
09:50:31.481 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462933 MB offset 28684288
09:50:31.508 Disk 0 scanning C:\Windows\system32\drivers
09:50:38.648 Service scanning
09:50:54.698 Modules scanning
09:50:54.699 Disk 0 trace - called modules:
09:50:54.710 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:50:54.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ada060]
09:50:54.715 3 CLASSPNP.SYS[fffff8800166c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007631060]
09:50:57.124 AVAST engine scan C:\Windows
09:50:58.708 AVAST engine scan C:\Windows\system32
09:52:10.211 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:52:11.900 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:53:12.099 AVAST engine scan C:\Windows\system32\drivers
09:53:20.457 AVAST engine scan C:\Users\rburns.PFG
09:57:43.327 AVAST engine scan C:\ProgramData
09:58:32.787 Scan finished successfully
09:59:20.970 Disk 0 MBR has been saved successfully to "C:\Users\rburns.PFG\Documents\MBR.dat"
09:59:20.970 The log file has been saved successfully to "C:\Users\rburns.PFG\Documents\aswMBR.txt"

Eset Log –
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

#4 narenxp

Posted 07 August 2012 - 09:50 AM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 07 August 2012 - 09:50 AM.




