Help removing Sirefef viruses


5 replies to this topic

#1 jacob'scomputer


  • Members
  • 15 posts

Posted 11 August 2012 - 06:55 PM

This month my internet usage was much higher than usual, and when I went to run a virus scan through Microsoft Security Essentials I realized that it had been disabled for almost a month. I googled Microsoft Security Essentials and noticed that all of my results were being redirected to other websites, but I was able to download it after I typed in the URL manually. I uninstalled MSE and reinstalled it, and ran a scan which very quickly found that I was infected by the following viruses:

Trojan: Win64/Sirefef
Trojan: Win64/Sirefef.AA
Trojan: Win64/Sirefef.AN
Trojan: Win64/Sirefef.B
Trojan: Win64/Sirefef.W

Each time MSE attempts to remove these viruses the computer restarts, and the same files are found when I run the scan again. In fact, I had to disable MSE because its constant attempts to clean the viruses forced my computer to restart every few minutes.

I attempted to follow the guide at http://sirefef.com/ but I wasn't able to find any of the registry values it told me to look for, so I didn't actually make any changes to my computer. I'm currently downloading Malwarebytes, but I have a feeling that it won't be successful. What should I do?


 


#2 narenxp


  • BC Advisor
  • 16,371 posts

Posted 11 August 2012 - 06:56 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
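
Added example (not part of the original posts and not TDSSKiller's own code): a small parser for a TDSSKiller report of the kind requested above. It pairs each service's file line with its verdict line and lists every entry whose verdict is not `ok`. The sample log is constructed, and the `warning` verdict string in it is an assumption for illustration; the parser treats any verdict other than `ok` as needing review.

```python
import re

# Constructed sample in the report layout "<time> <thread id> <message>".
# Service names, hashes, sizes and the "warning" verdict are made up.
SAMPLE_LOG = r"""
19:59:02.0796 4532 Drive \Device\Harddisk0\DR0 - Size: 0x1000000000 (64.00 Gb), SectorSize: 0x200
19:59:08.0270 1216 ============================================================
19:59:08.0270 1216 Scan started
19:59:08.0270 1216 Mode: Manual;
19:59:08.0270 1216 ============================================================
19:59:09.0291 1216 examplesvc (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\examplesvc.sys
19:59:09.0295 1216 examplesvc - ok
19:59:09.0400 1216 Example Helper Service (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Example\helper.exe
19:59:09.0402 1216 Example Helper Service - ok
19:59:09.0500 1216 nofilesvc - ok
19:59:09.0600 1216 exampledrv (00112233445566778899aabbccddeeff) C:\windows\system32\drivers\exampledrv.sys
19:59:09.0610 1216 exampledrv - warning
"""

# "<hh:mm:ss.ffff> <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service name> (<32 hex MD5>) <file path>"; names and paths may contain spaces
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_scan(text):
    """Return one dict per scanned object: name, md5, path, verdict."""
    entries = []
    pending = {}      # name -> (md5, path) seen, verdict not yet read
    in_scan = False   # header lines such as "Drive ... - Size: ..." also
                      # contain " - ", so nothing before "Scan started" counts
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan or set(msg) <= {"="}:
            continue
        obj = OBJECT.match(msg)
        if obj:
            pending[obj["name"]] = (obj["md5"], obj["path"])
            continue
        name, sep, verdict = msg.rpartition(" - ")
        if sep:
            # Some services get a verdict line with no file line before it.
            md5, path = pending.pop(name, (None, None))
            entries.append({"name": name, "md5": md5, "path": path,
                            "verdict": verdict.strip()})
    return entries


def triage(entries):
    """Split entries into those to review and those with no hashed file."""
    return {
        "flagged": [e for e in entries if e["verdict"].lower() != "ok"],
        "unhashed": [e for e in entries if e["md5"] is None],
    }


if __name__ == "__main__":
    result = triage(parse_scan(SAMPLE_LOG))
    for e in result["flagged"]:
        print(f"REVIEW  {e['name']}: {e['verdict']}  {e['md5']}  {e['path']}")
    for e in result["unhashed"]:
        print(f"NOFILE  {e['name']}: {e['verdict']}")
```
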

#3 jacob'scomputer

  • Topic Starter

  • Members
  • 15 posts

Posted 11 August 2012 - 08:33 PM

Thank you very much for the help. Here are the logs:

19:59:23.0268 1216 Ntfs - ok
19:59:23.0376 1216 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:59:23.0377 1216 Null - ok
19:59:23.0441 1216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:59:23.0444 1216 nvraid - ok
19:59:23.0475 1216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:59:23.0478 1216 nvstor - ok
19:59:23.0500 1216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:59:23.0503 1216 nv_agp - ok
19:59:23.0523 1216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:59:23.0525 1216 ohci1394 - ok
19:59:23.0617 1216 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:23.0619 1216 ose - ok
19:59:23.0931 1216 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:59:23.0988 1216 osppsvc - ok
19:59:24.0102 1216 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:24.0109 1216 p2pimsvc - ok
19:59:24.0147 1216 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:59:24.0156 1216 p2psvc - ok
19:59:24.0201 1216 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:59:24.0204 1216 Parport - ok
19:59:24.0245 1216 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:59:24.0247 1216 partmgr - ok
19:59:24.0282 1216 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:59:24.0288 1216 PcaSvc - ok
19:59:24.0331 1216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:59:24.0334 1216 pci - ok
19:59:24.0359 1216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:59:24.0360 1216 pciide - ok
19:59:24.0395 1216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:59:24.0399 1216 pcmcia - ok
19:59:24.0426 1216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:59:24.0427 1216 pcw - ok
19:59:24.0476 1216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:59:24.0487 1216 PEAUTH - ok
19:59:24.0549 1216 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:59:24.0551 1216 PerfHost - ok
19:59:24.0594 1216 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:59:24.0595 1216 PGEffect - ok
19:59:24.0738 1216 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:59:24.0764 1216 pla - ok
19:59:24.0835 1216 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:59:24.0844 1216 PlugPlay - ok
19:59:24.0874 1216 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:59:24.0878 1216 PNRPAutoReg - ok
19:59:24.0913 1216 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:59:24.0919 1216 PNRPsvc - ok
19:59:24.0981 1216 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:59:24.0991 1216 PolicyAgent - ok
19:59:25.0027 1216 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:59:25.0032 1216 Power - ok
19:59:25.0125 1216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:59:25.0128 1216 PptpMiniport - ok
19:59:25.0158 1216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:59:25.0160 1216 Processor - ok
19:59:25.0199 1216 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:59:25.0205 1216 ProfSvc - ok
19:59:25.0241 1216 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:25.0244 1216 ProtectedStorage - ok
19:59:25.0302 1216 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:59:25.0305 1216 Psched - ok
19:59:25.0430 1216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:59:25.0455 1216 ql2300 - ok
19:59:25.0569 1216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:59:25.0572 1216 ql40xx - ok
19:59:25.0609 1216 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:59:25.0615 1216 QWAVE - ok
19:59:25.0626 1216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:59:25.0628 1216 QWAVEdrv - ok
19:59:25.0641 1216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:59:25.0643 1216 RasAcd - ok
19:59:25.0681 1216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:59:25.0682 1216 RasAgileVpn - ok
19:59:25.0717 1216 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:59:25.0722 1216 RasAuto - ok
19:59:25.0767 1216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:59:25.0769 1216 Rasl2tp - ok
19:59:25.0831 1216 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:59:25.0840 1216 RasMan - ok
19:59:25.0900 1216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:59:25.0902 1216 RasPppoe - ok
19:59:25.0933 1216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:59:25.0936 1216 RasSstp - ok
19:59:25.0991 1216 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:59:25.0996 1216 rdbss - ok
19:59:26.0028 1216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:59:26.0029 1216 rdpbus - ok
19:59:26.0062 1216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:59:26.0063 1216 RDPCDD - ok
19:59:26.0080 1216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:59:26.0080 1216 RDPENCDD - ok
19:59:26.0088 1216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:59:26.0092 1216 RDPREFMP - ok
19:59:26.0142 1216 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:59:26.0146 1216 RDPWD - ok
19:59:26.0206 1216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:59:26.0210 1216 rdyboost - ok
19:59:26.0245 1216 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:59:26.0249 1216 RemoteAccess - ok
19:59:26.0279 1216 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:59:26.0284 1216 RemoteRegistry - ok
19:59:26.0296 1216 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:59:26.0300 1216 RpcEptMapper - ok
19:59:26.0321 1216 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:59:26.0323 1216 RpcLocator - ok
19:59:26.0385 1216 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:59:26.0393 1216 RpcSs - ok
19:59:26.0437 1216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:59:26.0439 1216 rspndr - ok
19:59:26.0479 1216 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
19:59:26.0483 1216 RSUSBSTOR - ok
19:59:26.0519 1216 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:26.0521 1216 SamSs - ok
19:59:26.0605 1216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:59:26.0608 1216 sbp2port - ok
19:59:26.0664 1216 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:59:26.0670 1216 SCardSvr - ok
19:59:26.0728 1216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:59:26.0729 1216 scfilter - ok
19:59:26.0820 1216 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:59:26.0840 1216 Schedule - ok
19:59:26.0882 1216 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:59:26.0884 1216 SCPolicySvc - ok
19:59:26.0924 1216 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:59:26.0930 1216 SDRSVC - ok
19:59:26.0996 1216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:59:26.0997 1216 secdrv - ok
19:59:27.0030 1216 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:59:27.0034 1216 seclogon - ok
19:59:27.0078 1216 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:59:27.0083 1216 SENS - ok
19:59:27.0098 1216 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:59:27.0102 1216 SensrSvc - ok
19:59:27.0143 1216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:59:27.0145 1216 Serenum - ok
19:59:27.0185 1216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:59:27.0188 1216 Serial - ok
19:59:27.0228 1216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:59:27.0229 1216 sermouse - ok
19:59:27.0285 1216 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:59:27.0290 1216 SessionEnv - ok
19:59:27.0335 1216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:59:27.0337 1216 sffdisk - ok
19:59:27.0352 1216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:59:27.0353 1216 sffp_mmc - ok
19:59:27.0373 1216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:59:27.0375 1216 sffp_sd - ok
19:59:27.0411 1216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:59:27.0412 1216 sfloppy - ok
19:59:27.0474 1216 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:59:27.0483 1216 ShellHWDetection - ok
19:59:27.0508 1216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:59:27.0510 1216 SiSRaid2 - ok
19:59:27.0537 1216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:59:27.0540 1216 SiSRaid4 - ok
19:59:27.0598 1216 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:59:27.0600 1216 SkypeUpdate - ok
19:59:27.0634 1216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:59:27.0636 1216 Smb - ok
19:59:27.0697 1216 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:59:27.0700 1216 SNMPTRAP - ok
19:59:27.0730 1216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:59:27.0731 1216 spldr - ok
19:59:27.0790 1216 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:59:27.0802 1216 Spooler - ok
19:59:28.0025 1216 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:59:28.0083 1216 sppsvc - ok
19:59:28.0177 1216 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:59:28.0181 1216 sppuinotify - ok
19:59:28.0240 1216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:59:28.0248 1216 srv - ok
19:59:28.0279 1216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:59:28.0287 1216 srv2 - ok
19:59:28.0310 1216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:59:28.0314 1216 srvnet - ok
19:59:28.0350 1216 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:59:28.0356 1216 SSDPSRV - ok
19:59:28.0396 1216 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
19:59:28.0397 1216 SSPORT - ok
19:59:28.0412 1216 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:59:28.0417 1216 SstpSvc - ok
19:59:28.0446 1216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:59:28.0448 1216 stexstor - ok
19:59:28.0538 1216 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:59:28.0550 1216 stisvc - ok
19:59:28.0583 1216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:59:28.0584 1216 swenum - ok
19:59:28.0642 1216 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:59:28.0654 1216 swprv - ok
19:59:28.0758 1216 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
19:59:28.0762 1216 SynTP - ok
19:59:28.0885 1216 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:59:28.0915 1216 SysMain - ok
19:59:29.0025 1216 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:59:29.0031 1216 TabletInputService - ok
19:59:29.0055 1216 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:59:29.0063 1216 TapiSrv - ok
19:59:29.0094 1216 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:59:29.0098 1216 TBS - ok
19:59:29.0261 1216 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:59:29.0292 1216 Tcpip - ok
19:59:29.0504 1216 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:59:29.0526 1216 TCPIP6 - ok
19:59:29.0655 1216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:59:29.0657 1216 tcpipreg - ok
19:59:29.0701 1216 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:59:29.0701 1216 tdcmdpst - ok
19:59:29.0729 1216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:59:29.0731 1216 TDPIPE - ok
19:59:29.0779 1216 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:59:29.0781 1216 TDTCP - ok
19:59:29.0834 1216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:59:29.0836 1216 tdx - ok
19:59:29.0881 1216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:59:29.0882 1216 TermDD - ok
19:59:29.0936 1216 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:59:29.0949 1216 TermService - ok
19:59:29.0986 1216 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:59:29.0990 1216 Themes - ok
19:59:30.0023 1216 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:59:30.0026 1216 THREADORDER - ok
19:59:30.0077 1216 TlntSvr (519cb7d7f697f4ba47de05845c20f158) C:\windows\System32\tlntsvr.exe
19:59:30.0082 1216 TlntSvr - ok
19:59:30.0167 1216 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:59:30.0169 1216 TMachInfo - ok
19:59:30.0211 1216 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
19:59:30.0216 1216 TODDSrv - ok
19:59:30.0306 1216 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:59:30.0312 1216 TosCoSrv - ok
19:59:30.0359 1216 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:59:30.0361 1216 TOSHIBA HDD SSD Alert Service - ok
19:59:30.0399 1216 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:59:30.0404 1216 TrkWks - ok
19:59:30.0473 1216 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:59:30.0476 1216 TrustedInstaller - ok
19:59:30.0532 1216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:59:30.0534 1216 tssecsrv - ok
19:59:30.0601 1216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:59:30.0607 1216 TsUsbFlt - ok
19:59:30.0679 1216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:59:30.0682 1216 tunnel - ok
19:59:30.0753 1216 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:59:30.0754 1216 TVALZ - ok
19:59:30.0780 1216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:59:30.0782 1216 uagp35 - ok
19:59:30.0835 1216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:59:30.0841 1216 udfs - ok
19:59:30.0885 1216 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:59:30.0891 1216 UI0Detect - ok
19:59:30.0934 1216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:59:30.0936 1216 uliagpkx - ok
19:59:30.0973 1216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
19:59:30.0975 1216 umbus - ok
19:59:31.0011 1216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:59:31.0014 1216 UmPass - ok
19:59:31.0273 1216 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:59:31.0301 1216 UNS - ok
19:59:31.0419 1216 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:59:31.0428 1216 upnphost - ok
19:59:31.0491 1216 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
19:59:31.0493 1216 USBAAPL64 - ok
19:59:31.0532 1216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:59:31.0534 1216 usbccgp - ok
19:59:31.0575 1216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:59:31.0578 1216 usbcir - ok
19:59:31.0595 1216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
19:59:31.0597 1216 usbehci - ok
19:59:31.0642 1216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:59:31.0648 1216 usbhub - ok
19:59:31.0666 1216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:59:31.0668 1216 usbohci - ok
19:59:31.0702 1216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:59:31.0704 1216 usbprint - ok
19:59:31.0748 1216 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:59:31.0750 1216 usbscan - ok
19:59:31.0784 1216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:59:31.0787 1216 USBSTOR - ok
19:59:31.0806 1216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:59:31.0808 1216 usbuhci - ok
19:59:31.0869 1216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
19:59:31.0875 1216 usbvideo - ok
19:59:31.0900 1216 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:59:31.0905 1216 UxSms - ok
19:59:31.0941 1216 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:59:31.0944 1216 VaultSvc - ok
19:59:31.0974 1216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:59:31.0975 1216 vdrvroot - ok
19:59:32.0035 1216 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:59:32.0048 1216 vds - ok
19:59:32.0074 1216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:59:32.0076 1216 vga - ok
19:59:32.0091 1216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:59:32.0093 1216 VgaSave - ok
19:59:32.0145 1216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:59:32.0149 1216 vhdmp - ok
19:59:32.0165 1216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:59:32.0167 1216 viaide - ok
19:59:32.0193 1216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:59:32.0195 1216 volmgr - ok
19:59:32.0251 1216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:59:32.0258 1216 volmgrx - ok
19:59:32.0322 1216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:59:32.0327 1216 volsnap - ok
19:59:32.0368 1216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:59:32.0372 1216 vsmraid - ok
19:59:32.0509 1216 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:59:32.0538 1216 VSS - ok
19:59:32.0653 1216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:59:32.0654 1216 vwifibus - ok
19:59:32.0714 1216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:59:32.0716 1216 vwififlt - ok
19:59:32.0793 1216 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:59:32.0802 1216 W32Time - ok
19:59:32.0830 1216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:59:32.0831 1216 WacomPen - ok
19:59:32.0884 1216 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:59:32.0886 1216 WANARP - ok
19:59:32.0896 1216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:59:32.0897 1216 Wanarpv6 - ok
19:59:33.0004 1216 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:59:33.0025 1216 WatAdminSvc - ok
19:59:33.0129 1216 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:59:33.0157 1216 wbengine - ok
19:59:33.0258 1216 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:59:33.0265 1216 WbioSrvc - ok
19:59:33.0326 1216 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:59:33.0335 1216 wcncsvc - ok
19:59:33.0352 1216 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:59:33.0357 1216 WcsPlugInService - ok
19:59:33.0415 1216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:59:33.0416 1216 Wd - ok
19:59:33.0465 1216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:59:33.0476 1216 Wdf01000 - ok
19:59:33.0494 1216 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:59:33.0499 1216 WdiServiceHost - ok
19:59:33.0504 1216 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:59:33.0509 1216 WdiSystemHost - ok
19:59:33.0553 1216 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:59:33.0561 1216 WebClient - ok
19:59:33.0605 1216 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:59:33.0613 1216 Wecsvc - ok
19:59:33.0627 1216 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:59:33.0631 1216 wercplsupport - ok
19:59:33.0665 1216 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:59:33.0670 1216 WerSvc - ok
19:59:33.0731 1216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:59:33.0732 1216 WfpLwf - ok
19:59:33.0748 1216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:59:33.0750 1216 WIMMount - ok
19:59:33.0763 1216 WinHttpAutoProxySvc - ok
19:59:33.0838 1216 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:59:33.0842 1216 Winmgmt - ok
19:59:33.0991 1216 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:59:34.0027 1216 WinRM - ok
19:59:34.0164 1216 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:59:34.0166 1216 WinUsb - ok
19:59:34.0232 1216 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:59:34.0250 1216 Wlansvc - ok
19:59:34.0308 1216 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:59:34.0309 1216 wlcrasvc - ok
19:59:34.0478 1216 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:59:34.0506 1216 wlidsvc - ok
19:59:34.0675 1216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:59:34.0677 1216 WmiAcpi - ok
19:59:34.0757 1216 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:59:34.0762 1216 wmiApSrv - ok
19:59:34.0815 1216 WMPNetworkSvc - ok
19:59:34.0848 1216 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:59:34.0853 1216 WPCSvc - ok
19:59:34.0888 1216 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:59:34.0893 1216 WPDBusEnum - ok
19:59:34.0926 1216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:59:34.0928 1216 ws2ifsl - ok
19:59:34.0934 1216 WSearch - ok
19:59:34.0974 1216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:59:34.0977 1216 WudfPf - ok
19:59:35.0001 1216 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:59:35.0004 1216 WUDFRd - ok
19:59:35.0046 1216 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:59:35.0051 1216 wudfsvc - ok
19:59:35.0088 1216 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:59:35.0096 1216 WwanSvc - ok
19:59:35.0142 1216 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:59:35.0357 1216 \Device\Harddisk0\DR0 - ok
19:59:35.0377 1216 Boot (0x1200) (b7e8fdc72016927ede4a01b3cfaa9b73) \Device\Harddisk0\DR0\Partition0
19:59:35.0380 1216 \Device\Harddisk0\DR0\Partition0 - ok
19:59:35.0385 1216 ============================================================
19:59:35.0385 1216 Scan finished
19:59:35.0385 1216 ============================================================
19:59:35.0403 4564 Detected object count: 0
19:59:35.0403 4564 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 20:00:07
-----------------------------
20:00:07.549 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:07.550 Number of processors: 4 586 0x2505
20:00:07.551 ComputerName: JACOB-PC UserName: Jacob
20:00:10.560 Initialize success
20:02:15.258 AVAST engine defs: 12081101
20:02:24.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:02:24.144 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
20:02:24.164 Disk 0 MBR read successfully
20:02:24.169 Disk 0 MBR scan
20:02:24.176 Disk 0 Windows VISTA default MBR code
20:02:24.183 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:02:24.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 684972 MB offset 3074048
20:02:24.240 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 18578 MB offset 1405896704
20:02:24.266 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 10353 MB offset 1443944448
20:02:24.307 Disk 0 scanning C:\windows\system32\drivers
20:02:38.338 Service scanning
20:03:20.291 Modules scanning
20:03:20.306 Disk 0 trace - called modules:
20:03:20.700 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
20:03:20.709 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d43060]
20:03:20.719 3 CLASSPNP.SYS[fffff88001b7443f] -> nt!IofCallDriver -> [0xfffffa8007a5a040]
20:03:20.728 5 ACPI.sys[fffff88000f977a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a5f050]
20:03:24.240 AVAST engine scan C:\windows
20:03:27.719 AVAST engine scan C:\windows\system32
20:05:41.932 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:05:45.325 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:07:28.278 AVAST engine scan C:\windows\system32\drivers
20:07:44.500 AVAST engine scan C:\Users\Jacob
20:08:57.494 File: C:\Users\Jacob\AppData\Local\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\n **INFECTED** Win32:Sirefef-PL [Rtk]
20:19:30.453 AVAST engine scan C:\ProgramData
20:20:14.342 Scan finished successfully
20:21:02.611 Disk 0 MBR has been saved successfully to "C:\Users\Jacob\Desktop\MBR.dat"
20:21:02.623 The log file has been saved successfully to "C:\Users\Jacob\Desktop\aswMBR.txt"



ESET:


C:\Users\Jacob\AppData\Local\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Jacob\AppData\Local\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\Installer\{13f8bc4c-a82f-da05-6c9b-b43417d10d4b}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\FR[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
Operating memory multiple threats

#4 narenxp


Posted 11 August 2012 - 09:16 PM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 jacob'scomputer


Posted 11 August 2012 - 10:12 PM

Thanks. I have been following the instructions on posting logs, but when I open gmer.exe all of the options except Services, Registry, File and ADS are unchecked and not clickable. Is this alright? If not, how should I resolve this?

Edited by jacob'scomputer, 11 August 2012 - 10:13 PM.


#6 narenxp


Posted 12 August 2012 - 04:12 AM

GMER doesn't work on 64-bit systems. Skip GMER.



