
Anti-Malware not deleting viruses? Heuristic/Trojan/Backdoor.


  • This topic is locked
4 replies to this topic

#1 JRK5800

    Member

  • 14 posts
  • OS:Windows 7
  • AV:Emisoft
  • HIPS:Emisoft

Posted 01 August 2012 - 04:52 AM

I have run the scans on my laptop multiple times and each time I get 17-22 different viruses. I get the Heuristic every time and the Trojan about 98% of the time. Then I get something called Backdoor.

Every time I quarantine the detected objects and then it says to reboot the system. When I reboot the system, it tells me all the viruses could not be deleted. I really don't know if it deleted ANY of them.

I run the scan again and it continues to show the viruses.

I don't know what else to do.

Here are the results from the scan reports EEK/OTL:

#2 Elise

    Forum Veteran

  • Emsisoft Employee
  • 4050 posts
  • Location:Romania
  • OS:Windows 7 x64

Posted 01 August 2012 - 09:44 AM

Hello, and welcome to Emsisoft Support forum!

It looks like you have a rootkit infection. Also, could you please let me know if you can log on normally to your Windows user profile?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#3 JRK5800

    Member

  • 14 posts
  • OS:Windows 7
  • AV:Emisoft
  • HIPS:Emisoft

Posted 01 August 2012 - 09:26 PM

I do not have trouble logging into Windows from startup.

However, some window pops up when I get to the desktop that says RunDDL at the top. I don't have a clue what this means but I have never seen it until I began having issues with the viruses.

I am able to log into my windows but it runs very very slow.

Here are the results from the TDSSKiller:

15:14:17.0759 4052 msisadrv - ok
15:14:18.0019 4052 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:14:18.0029 4052 MSiSCSI - ok
15:14:18.0039 4052 msiserver - ok
15:14:18.0199 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:14:18.0219 4052 MSKSSRV - ok
15:14:18.0279 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:14:18.0289 4052 MSPCLOCK - ok
15:14:18.0329 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:14:18.0329 4052 MSPQM - ok
15:14:18.0499 4052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:14:18.0539 4052 MsRPC - ok
15:14:18.0639 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:14:18.0639 4052 mssmbios - ok
15:14:18.0999 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:14:19.0009 4052 MSTEE - ok
15:14:19.0049 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:14:19.0059 4052 MTConfig - ok
15:14:19.0289 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:14:19.0289 4052 Mup - ok
15:14:19.0769 4052 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:14:19.0809 4052 MyWiFiDHCPDNS - ok
15:14:20.0189 4052 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:14:20.0209 4052 napagent - ok
15:14:20.0819 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:14:20.0839 4052 NativeWifiP - ok
15:14:21.0619 4052 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:14:21.0659 4052 NDIS - ok
15:14:21.0749 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:14:21.0749 4052 NdisCap - ok
15:14:21.0989 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:14:21.0989 4052 NdisTapi - ok
15:14:22.0079 4052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:14:22.0079 4052 Ndisuio - ok
15:14:22.0299 4052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:14:22.0309 4052 NdisWan - ok
15:14:22.0499 4052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:14:22.0499 4052 NDProxy - ok
15:14:22.0659 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:14:22.0659 4052 NetBIOS - ok
15:14:22.0929 4052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:14:22.0959 4052 NetBT - ok
15:14:23.0029 4052 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:23.0029 4052 Netlogon - ok
15:14:23.0379 4052 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:14:23.0409 4052 Netman - ok
15:14:23.0959 4052 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:14:23.0989 4052 netprofm - ok
15:14:24.0559 4052 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:24.0559 4052 NetTcpPortSharing - ok
15:14:34.0529 4052 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:14:34.0729 4052 NETwNs64 - ok
15:14:35.0789 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:14:35.0799 4052 nfrd960 - ok
15:14:36.0349 4052 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:14:36.0369 4052 NlaSvc - ok
15:14:36.0429 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:14:36.0439 4052 Npfs - ok
15:14:36.0489 4052 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:14:36.0499 4052 nsi - ok
15:14:36.0529 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:14:36.0539 4052 nsiproxy - ok
15:14:38.0309 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:14:38.0349 4052 Ntfs - ok
15:14:39.0129 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:14:39.0259 4052 Null - ok
15:14:39.0989 4052 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:14:39.0989 4052 nusb3hub - ok
15:14:40.0479 4052 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:14:40.0499 4052 nusb3xhc - ok
15:14:41.0349 4052 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:14:41.0389 4052 NVENETFD - ok
15:14:41.0699 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:14:41.0729 4052 nvraid - ok
15:14:42.0159 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:14:42.0199 4052 nvstor - ok
15:14:42.0469 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:14:42.0489 4052 nv_agp - ok
15:14:43.0629 4052 OAcat (faef7b156e073f0450c5087f57696f0b) C:\Program Files (x86)\Online Armor\OAcat.exe
15:14:43.0629 4052 OAcat - ok
15:14:44.0789 4052 OADevice (9c78f13766ab2629e11fb0dfb162ee33) C:\Windows\SysWow64\Drivers\OADriver.sys
15:14:44.0789 4052 OADevice - ok
15:14:45.0079 4052 oahlpXX (6cdb036083ef969210d2f747c8ab5771) C:\Windows\syswow64\drivers\oahlp64.sys
15:14:45.0079 4052 oahlpXX - ok
15:14:45.0409 4052 OAmon (c2b6a1ccee9669119a7fc9dab2008b68) C:\Windows\SysWOW64\Drivers\OAmon.sys
15:14:45.0409 4052 OAmon - ok
15:14:47.0019 4052 OAnet (f99c170cf63de515c51bb11e76ea23ec) C:\Windows\system32\DRIVERS\oanet.sys
15:14:47.0029 4052 OAnet - ok
15:14:48.0339 4052 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:14:48.0389 4052 odserv - ok
15:14:48.0569 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:14:48.0569 4052 ohci1394 - ok
15:14:48.0879 4052 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:14:48.0899 4052 ose - ok
15:14:53.0489 4052 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:14:53.0629 4052 osppsvc - ok
15:14:53.0949 4052 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:53.0969 4052 p2pimsvc - ok
15:14:54.0069 4052 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:14:54.0099 4052 p2psvc - ok
15:14:54.0239 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:14:54.0259 4052 Parport - ok
15:14:54.0339 4052 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:14:54.0339 4052 partmgr - ok
15:14:54.0409 4052 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:14:54.0429 4052 PcaSvc - ok
15:14:54.0479 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:14:54.0489 4052 pci - ok
15:14:54.0559 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:14:54.0559 4052 pciide - ok
15:14:54.0609 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:14:54.0629 4052 pcmcia - ok
15:14:54.0659 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:14:54.0679 4052 pcw - ok
15:14:54.0749 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:14:54.0759 4052 PEAUTH - ok
15:14:54.0909 4052 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:14:54.0919 4052 PerfHost - ok
15:14:56.0179 4052 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:14:56.0219 4052 pla - ok
15:14:56.0839 4052 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:14:56.0869 4052 PlugPlay - ok
15:14:56.0939 4052 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:14:56.0949 4052 PNRPAutoReg - ok
15:14:57.0789 4052 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:57.0799 4052 PNRPsvc - ok
15:14:58.0649 4052 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:14:58.0699 4052 PolicyAgent - ok
15:14:58.0929 4052 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:14:58.0939 4052 Power - ok
15:14:59.0249 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:14:59.0269 4052 PptpMiniport - ok
15:14:59.0449 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:14:59.0499 4052 Processor - ok
15:14:59.0949 4052 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:14:59.0959 4052 ProfSvc - ok
15:15:00.0059 4052 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:00.0099 4052 ProtectedStorage - ok
15:15:00.0319 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:00.0349 4052 Psched - ok
15:15:01.0679 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:15:01.0729 4052 ql2300 - ok
15:15:03.0839 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:15:03.0869 4052 ql40xx - ok
15:15:04.0319 4052 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:04.0349 4052 QWAVE - ok
15:15:04.0459 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:04.0469 4052 QWAVEdrv - ok
15:15:04.0529 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:04.0549 4052 RasAcd - ok
15:15:04.0769 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:04.0779 4052 RasAgileVpn - ok
15:15:04.0989 4052 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:05.0009 4052 RasAuto - ok
15:15:05.0349 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:05.0369 4052 Rasl2tp - ok
15:15:06.0109 4052 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:15:06.0149 4052 RasMan - ok
15:15:06.0479 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:06.0519 4052 RasPppoe - ok
15:15:06.0739 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:06.0739 4052 RasSstp - ok
15:15:07.0209 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:07.0229 4052 rdbss - ok
15:15:07.0369 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:15:07.0379 4052 rdpbus - ok
15:15:07.0539 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:07.0559 4052 RDPCDD - ok
15:15:07.0679 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:07.0689 4052 RDPENCDD - ok
15:15:07.0739 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:07.0749 4052 RDPREFMP - ok
15:15:08.0289 4052 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:15:08.0379 4052 RDPWD - ok
15:15:09.0069 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:09.0079 4052 rdyboost - ok
15:15:09.0999 4052 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:15:10.0049 4052 RegSrvc - ok
15:15:10.0209 4052 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:10.0219 4052 RemoteAccess - ok
15:15:10.0359 4052 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:10.0369 4052 RemoteRegistry - ok
15:15:10.0789 4052 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
15:15:10.0789 4052 RoxioNow Service - ok
15:15:10.0959 4052 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:10.0969 4052 RpcEptMapper - ok
15:15:11.0019 4052 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:11.0029 4052 RpcLocator - ok
15:15:11.0379 4052 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:11.0389 4052 RpcSs - ok
15:15:11.0849 4052 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
15:15:11.0869 4052 RSPCIESTOR - ok
15:15:11.0999 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:12.0009 4052 rspndr - ok
15:15:12.0229 4052 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:15:12.0279 4052 RTL8167 - ok
15:15:12.0919 4052 RTL8192su (3c85058541d55bfcefd9177a68a507c6) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:15:12.0959 4052 RTL8192su - ok
15:15:13.0019 4052 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:13.0019 4052 SamSs - ok
15:15:13.0189 4052 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:15:13.0199 4052 SASDIFSV - ok
15:15:13.0289 4052 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:15:13.0289 4052 SASKUTIL - ok
15:15:13.0379 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:13.0399 4052 sbp2port - ok
15:15:13.0549 4052 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:13.0579 4052 SCardSvr - ok
15:15:13.0659 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:13.0669 4052 scfilter - ok
15:15:14.0609 4052 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:15:14.0639 4052 Schedule - ok
15:15:14.0709 4052 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:14.0709 4052 SCPolicySvc - ok
15:15:14.0909 4052 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
15:15:14.0929 4052 sdbus - ok
15:15:15.0059 4052 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:15:15.0079 4052 SDRSVC - ok
15:15:15.0179 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:15.0189 4052 secdrv - ok
15:15:15.0329 4052 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:15:15.0329 4052 seclogon - ok
15:15:15.0509 4052 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:15:15.0519 4052 SENS - ok
15:15:15.0629 4052 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:15.0629 4052 SensrSvc - ok
15:15:15.0789 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:15:15.0799 4052 Serenum - ok
15:15:15.0919 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:15:15.0929 4052 Serial - ok
15:15:15.0989 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:15:15.0999 4052 sermouse - ok
15:15:16.0149 4052 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:15:16.0159 4052 SessionEnv - ok
15:15:16.0229 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:16.0239 4052 sffdisk - ok
15:15:16.0299 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:16.0309 4052 sffp_mmc - ok
15:15:16.0329 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:16.0339 4052 sffp_sd - ok
15:15:16.0409 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:15:16.0419 4052 sfloppy - ok
15:15:17.0049 4052 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:15:17.0099 4052 Sftfs - ok
15:15:17.0519 4052 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:15:17.0529 4052 sftlist - ok
15:15:17.0779 4052 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:15:17.0869 4052 Sftplay - ok
15:15:18.0109 4052 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:15:18.0119 4052 Sftredir - ok
15:15:18.0409 4052 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:15:18.0409 4052 Sftvol - ok
15:15:18.0669 4052 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:15:18.0669 4052 sftvsa - ok
15:15:19.0069 4052 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:15:19.0079 4052 SharedAccess - ok
15:15:19.0339 4052 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:15:19.0399 4052 ShellHWDetection - ok
15:15:19.0579 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:15:19.0579 4052 SiSRaid2 - ok
15:15:19.0709 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:15:19.0719 4052 SiSRaid4 - ok
15:15:19.0859 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:19.0859 4052 Smb - ok
15:15:20.0109 4052 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:20.0109 4052 SNMPTRAP - ok
15:15:20.0159 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:20.0159 4052 spldr - ok
15:15:20.0639 4052 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:15:20.0669 4052 Spooler - ok
15:15:21.0909 4052 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:15:21.0979 4052 sppsvc - ok
15:15:22.0809 4052 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:22.0829 4052 sppuinotify - ok
15:15:23.0289 4052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:23.0349 4052 srv - ok
15:15:23.0769 4052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:23.0809 4052 srv2 - ok
15:15:24.0149 4052 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:15:24.0169 4052 SrvHsfHDA - ok
15:15:25.0379 4052 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:15:25.0419 4052 SrvHsfV92 - ok
15:15:26.0739 4052 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:15:26.0779 4052 SrvHsfWinac - ok
15:15:26.0949 4052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:26.0949 4052 srvnet - ok
15:15:27.0329 4052 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:27.0349 4052 SSDPSRV - ok
15:15:27.0449 4052 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:27.0459 4052 SstpSvc - ok
15:15:27.0639 4052 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:15:27.0649 4052 ssudmdm - ok
15:15:28.0169 4052 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
15:15:28.0179 4052 STacSV - ok
15:15:28.0239 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:15:28.0249 4052 stexstor - ok
15:15:28.0919 4052 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
15:15:28.0949 4052 STHDA - ok
15:15:29.0589 4052 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:15:29.0629 4052 stisvc - ok
15:15:34.0829 4052 SvcOnlineArmor (578a7d52c4f7ca65e109b4e7c7ac5cb3) C:\Program Files (x86)\Online Armor\oasrv.exe
15:15:34.0939 4052 SvcOnlineArmor - ok
15:15:35.0309 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:35.0319 4052 swenum - ok
15:15:35.0809 4052 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:35.0849 4052 swprv - ok
15:15:36.0119 4052 sxuptp (52eb25bd8ab4e331028c48b178441b36) C:\Windows\system32\DRIVERS\sxuptp.sys
15:15:36.0209 4052 sxuptp - ok
15:15:37.0599 4052 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
15:15:37.0649 4052 SynTP - ok
15:15:40.0159 4052 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:15:40.0219 4052 SysMain - ok
15:15:40.0809 4052 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:15:40.0809 4052 TabletInputService - ok
15:15:40.0929 4052 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32 apisrv.dll
15:15:40.0949 4052 TapiSrv - ok
15:15:40.0979 4052 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32 bssvc.dll
15:15:40.0999 4052 TBS - ok
15:15:41.0939 4052 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers cpip.sys
15:15:41.0989 4052 Tcpip - ok
15:15:44.0109 4052 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS cpip.sys
15:15:44.0119 4052 TCPIP6 - ok
15:15:44.0719 4052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers cpipreg.sys
15:15:44.0719 4052 tcpipreg - ok
15:15:44.0779 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers dpipe.sys
15:15:44.0789 4052 TDPIPE - ok
15:15:44.0889 4052 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers dtcp.sys
15:15:44.0889 4052 TDTCP - ok
15:15:45.0019 4052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS dx.sys
15:15:45.0029 4052 tdx - ok
15:15:45.0109 4052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers ermdd.sys
15:15:45.0129 4052 TermDD - ok
15:15:45.0929 4052 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32 ermsrv.dll
15:15:45.0969 4052 TermService - ok
15:15:46.0039 4052 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32 hemeservice.dll
15:15:46.0049 4052 Themes - ok
15:15:46.0129 4052 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:46.0139 4052 THREADORDER - ok
15:15:46.0309 4052 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32 rkwks.dll
15:15:46.0329 4052 TrkWks - ok
15:15:46.0629 4052 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:15:46.0639 4052 TrustedInstaller - ok
15:15:46.0749 4052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS ssecsrv.sys
15:15:46.0759 4052 tssecsrv - ok
15:15:46.0889 4052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers susbflt.sys
15:15:46.0899 4052 TsUsbFlt - ok
15:15:46.0969 4052 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:15:46.0979 4052 TsUsbGD - ok
15:15:47.0159 4052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS unnel.sys
15:15:47.0159 4052 tunnel - ok
15:15:47.0329 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:15:47.0339 4052 uagp35 - ok
15:15:47.0649 4052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:47.0679 4052 udfs - ok
15:15:47.0799 4052 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:47.0799 4052 UI0Detect - ok
15:15:47.0949 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:47.0949 4052 uliagpkx - ok
15:15:48.0159 4052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:15:48.0159 4052 umbus - ok
15:15:48.0219 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:15:48.0219 4052 UmPass - ok
15:15:52.0569 4052 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:15:52.0659 4052 UNS - ok
15:15:53.0569 4052 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:53.0579 4052 upnphost - ok
15:15:53.0779 4052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:53.0779 4052 usbccgp - ok
15:15:53.0999 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:54.0019 4052 usbcir - ok
15:15:54.0129 4052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:15:54.0149 4052 usbehci - ok
15:15:54.0479 4052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:54.0509 4052 usbhub - ok
15:15:54.0579 4052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:15:54.0589 4052 usbohci - ok
15:15:54.0709 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:15:54.0729 4052 usbprint - ok
15:15:54.0889 4052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:54.0899 4052 USBSTOR - ok
15:15:55.0419 4052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:15:55.0439 4052 usbuhci - ok
15:15:55.0739 4052 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:15:55.0749 4052 usbvideo - ok
15:15:55.0799 4052 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:55.0809 4052 UxSms - ok
15:15:56.0049 4052 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:56.0049 4052 VaultSvc - ok
15:15:56.0159 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:56.0169 4052 vdrvroot - ok
15:15:56.0839 4052 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:15:56.0869 4052 vds - ok
15:15:56.0959 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:56.0969 4052 vga - ok
15:15:56.0999 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:57.0009 4052 VgaSave - ok
15:15:57.0209 4052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:57.0229 4052 vhdmp - ok
15:15:57.0319 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:57.0329 4052 viaide - ok
15:15:57.0389 4052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:57.0399 4052 volmgr - ok
15:15:57.0459 4052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:57.0479 4052 volmgrx - ok
15:15:57.0569 4052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:15:57.0579 4052 volsnap - ok
15:15:57.0709 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:15:57.0729 4052 vsmraid - ok
15:15:59.0109 4052 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:15:59.0169 4052 VSS - ok
15:15:59.0929 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:15:59.0939 4052 vwifibus - ok
15:16:00.0059 4052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:00.0079 4052 vwififlt - ok
15:16:00.0159 4052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:16:00.0169 4052 vwifimp - ok
15:16:00.0419 4052 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:16:00.0489 4052 W32Time - ok
15:16:00.0549 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:16:00.0559 4052 WacomPen - ok
15:16:19.0559 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:19.0659 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:16:19.0659 4052 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:16:19.0659 4052 Boot (0x1200) (110af8a15294d0e2a71e48e8f3f652a6) \Device\Harddisk0\DR0\Partition0
15:16:19.0669 4052 \Device\Harddisk0\DR0\Partition0 - ok
15:16:19.0689 4052 Boot (0x1200) (9ad0506125925504563e17ced12c9cb7) \Device\Harddisk0\DR0\Partition1
15:16:19.0709 4052 \Device\Harddisk0\DR0\Partition1 - ok
15:16:19.0789 4052 Boot (0x1200) (30b9728de56e1dfb0b639e569cba0234) \Device\Harddisk0\DR0\Partition2
15:16:19.0819 4052 \Device\Harddisk0\DR0\Partition2 - ok
15:16:19.0819 4052 ============================================================
15:16:19.0819 4052 Scan finished
15:16:19.0819 4052 ============================================================
15:16:19.0849 7496 Detected object count: 1
15:16:19.0849 7496 Actual detected object count: 1
15:18:01.0183 7496 \Device\Harddisk0\DR0\# - copied to quarantine
15:18:01.0573 7496 \Device\Harddisk0\DR0 - copied to quarantine
15:18:02.0183 7496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:18:02.0213 7496 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:18:02.0353 7496 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:18:02.0513 7496 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:18:02.0803 7496 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:18:03.0083 7496 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:18:03.0163 7496 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:18:03.0443 7496 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:18:03.0473 7496 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:18:03.0493 7496 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:18:03.0513 7496 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:18:03.0543 7496 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:18:03.0563 7496 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:18:03.0693 7496 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:18:03.0993 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:18:04.0173 7496 \Device\Harddisk0\DR0 - ok
15:18:06.0503 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:18:10.0656 3204 Deinitialize success


Hopefully I did this right. Thanks for the assistance.
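Added example, not part of the original thread and not Emsisoft or Kaspersky code: a small Python triage script that reduces a TDSSKiller log like the one above to its verdict and quarantine lines. The sample lines are copied from this log; the function name `triage` and the report keys are assumptions made for the example.

```python
import re

# Lines copied from the TDSSKiller log posted above (a subset), not constructed.
SAMPLE_LOG = r"""
15:16:19.0329 4052 WwanSvc - ok
15:16:19.0559 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:19.0659 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:16:19.0659 4052 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:16:19.0669 4052 \Device\Harddisk0\DR0\Partition0 - ok
15:18:01.0573 7496 \Device\Harddisk0\DR0 - copied to quarantine
15:18:02.0183 7496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:18:03.0993 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:18:04.0173 7496 \Device\Harddisk0\DR0 - ok
15:18:06.0503 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# "<time> <thread id> <message>" is the layout of every line in the log above.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> ( <threat> ) - <state>"; the spaces inside the parentheses keep
# hash lines such as "MBR (0x1B8) (a36c...)" from matching.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<state>.+)$")
QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")


def triage(log_text):
    """Summarise verdict and quarantine lines; '- ok' and hash lines are skipped."""
    report = {"threats": {}, "quarantined": [], "pending_reboot": [], "actions": {}}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, wrapped text
        msg = m.group(3)
        v = VERDICT.match(msg)
        if v:
            obj, threat, state = v.group("obj"), v.group("threat"), v.group("state")
            report["threats"].setdefault(obj, threat)
            if state == "will be cured on reboot" and obj not in report["pending_reboot"]:
                report["pending_reboot"].append(obj)
            elif state.startswith("User select action: "):
                report["actions"][obj] = state.split(": ", 1)[1]
            continue
        q = QUARANTINE.match(msg)
        if q:
            report["quarantined"].append(q.group("obj"))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Any object listed under `pending_reboot` has not been cleaned at the time the log was written, so the log from the scan after the reboot is the one that shows whether the cure took effect.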

#4 Elise

Posted 01 August 2012 - 10:05 PM

Unfortunately you had a nasty rootkit on board. Even though it is gone now, be sure to read the following information.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



The rundll error is normal, given what I see in your logs, and will be fixed in the next steps. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
Best regards,

Elise van Dorp [Malware Research]

Emsisoft Team - http://www.emsisoft.com

#5 Kevin Zoll

Posted 05 August 2012 - 11:01 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.
