Searches being redirected, computer running slower.



#1 Redirectingme

Posted 12 June 2012 - 11:31 PM

Hello, my computer is redirecting searches on Google and Bing to google.com/webhp and *give social security number for ipad* sites. Help would be greatly appreciated.


#2 narenxp

Posted 12 June 2012 - 11:45 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#3 Redirectingme

Posted 13 June 2012 - 10:14 AM

TDSSKiller:
08:44:47.0781 5044 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:44:48.0090 5044 ============================================================
08:44:48.0090 5044 Current date / time: 2012/06/13 08:44:48.0090
08:44:48.0090 5044 SystemInfo:
08:44:48.0090 5044
08:44:48.0090 5044 OS Version: 6.1.7600 ServicePack: 0.0
08:44:48.0090 5044 Product type: Workstation
08:44:48.0090 5044 ComputerName: ETHAN-PC
08:44:48.0090 5044 UserName: Ethan
08:44:48.0090 5044 Windows directory: C:\Windows
08:44:48.0090 5044 System windows directory: C:\Windows
08:44:48.0090 5044 Running under WOW64
08:44:48.0090 5044 Processor architecture: Intel x64
08:44:48.0090 5044 Number of processors: 2
08:44:48.0090 5044 Page size: 0x1000
08:44:48.0090 5044 Boot type: Normal boot
08:44:48.0090 5044 ============================================================
08:44:48.0973 5044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:44:48.0976 5044 Drive \Device\Harddisk1\DR1 - Size: 0xF4B00000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:44:48.0979 5044 ============================================================
08:44:48.0979 5044 \Device\Harddisk0\DR0:
08:44:48.0980 5044 MBR partitions:
08:44:48.0980 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:44:48.0980 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:44:48.0980 5044 \Device\Harddisk1\DR1:
08:44:48.0981 5044 MBR partitions:
08:44:48.0981 5044 ============================================================
08:44:49.0003 5044 C: <-> \Device\Harddisk0\DR0\Partition1
08:44:49.0003 5044 ============================================================
08:44:49.0003 5044 Initialize success
08:44:49.0003 5044 ============================================================
08:45:12.0903 3920 ============================================================
08:45:12.0903 3920 Scan started
08:45:12.0903 3920 Mode: Manual; TDLFS;
08:45:12.0903 3920 ============================================================
08:45:24.0679 3920 pci - ok
08:45:24.0701 3920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
08:45:24.0702 3920 pciide - ok
08:45:24.0727 3920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:45:24.0729 3920 pcmcia - ok
08:45:24.0757 3920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:45:24.0758 3920 pcw - ok
08:45:24.0795 3920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:45:24.0799 3920 PEAUTH - ok
08:45:24.0882 3920 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:45:24.0899 3920 PeerDistSvc - ok
08:45:24.0957 3920 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:45:24.0959 3920 PerfHost - ok
08:45:25.0080 3920 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
08:45:25.0116 3920 pla - ok
08:45:25.0307 3920 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
08:45:25.0313 3920 PlugPlay - ok
08:45:25.0352 3920 PnkBstrA - ok
08:45:25.0371 3920 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:45:25.0372 3920 PNRPAutoReg - ok
08:45:25.0399 3920 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:45:25.0402 3920 PNRPsvc - ok
08:45:25.0444 3920 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
08:45:25.0454 3920 PolicyAgent - ok
08:45:25.0473 3920 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:45:25.0476 3920 Power - ok
08:45:25.0523 3920 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:45:25.0525 3920 PptpMiniport - ok
08:45:25.0556 3920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:45:25.0557 3920 Processor - ok
08:45:25.0576 3920 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
08:45:25.0586 3920 ProfSvc - ok
08:45:25.0614 3920 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:45:25.0615 3920 ProtectedStorage - ok
08:45:25.0640 3920 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:45:25.0641 3920 Psched - ok
08:45:25.0720 3920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:45:25.0729 3920 ql2300 - ok
08:45:25.0797 3920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:45:25.0798 3920 ql40xx - ok
08:45:25.0823 3920 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:45:25.0831 3920 QWAVE - ok
08:45:25.0840 3920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:45:25.0841 3920 QWAVEdrv - ok
08:45:25.0852 3920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:45:25.0853 3920 RasAcd - ok
08:45:25.0866 3920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:45:25.0868 3920 RasAgileVpn - ok
08:45:25.0888 3920 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:45:25.0891 3920 RasAuto - ok
08:45:25.0907 3920 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:45:25.0908 3920 Rasl2tp - ok
08:45:25.0963 3920 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
08:45:25.0978 3920 RasMan - ok
08:45:26.0005 3920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:45:26.0006 3920 RasPppoe - ok
08:45:26.0033 3920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:45:26.0034 3920 RasSstp - ok
08:45:26.0071 3920 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:45:26.0074 3920 rdbss - ok
08:45:26.0102 3920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:45:26.0103 3920 rdpbus - ok
08:45:26.0114 3920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:45:26.0115 3920 RDPCDD - ok
08:45:26.0151 3920 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
08:45:26.0154 3920 RDPDR - ok
08:45:26.0203 3920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:45:26.0204 3920 RDPENCDD - ok
08:45:26.0244 3920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:45:26.0245 3920 RDPREFMP - ok
08:45:26.0303 3920 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
08:45:26.0305 3920 RDPWD - ok
08:45:26.0334 3920 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
08:45:26.0336 3920 rdyboost - ok
08:45:26.0369 3920 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:45:26.0371 3920 RemoteAccess - ok
08:45:26.0399 3920 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:45:26.0402 3920 RemoteRegistry - ok
08:45:26.0415 3920 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:45:26.0418 3920 RpcEptMapper - ok
08:45:26.0445 3920 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:45:26.0446 3920 RpcLocator - ok
08:45:26.0481 3920 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
08:45:26.0485 3920 RpcSs - ok
08:45:26.0524 3920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:45:26.0526 3920 rspndr - ok
08:45:26.0566 3920 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:45:26.0567 3920 RTL8167 - ok
08:45:26.0586 3920 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
08:45:26.0587 3920 s3cap - ok
08:45:26.0614 3920 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:45:26.0616 3920 SamSs - ok
08:45:26.0634 3920 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:45:26.0636 3920 sbp2port - ok
08:45:26.0695 3920 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:45:26.0698 3920 SCardSvr - ok
08:45:26.0718 3920 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:45:26.0719 3920 scfilter - ok
08:45:26.0791 3920 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
08:45:26.0810 3920 Schedule - ok
08:45:26.0836 3920 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
08:45:26.0837 3920 SCPolicySvc - ok
08:45:26.0853 3920 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
08:45:26.0856 3920 SDRSVC - ok
08:45:26.0898 3920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:45:26.0899 3920 secdrv - ok
08:45:26.0905 3920 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
08:45:26.0908 3920 seclogon - ok
08:45:26.0922 3920 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:45:26.0924 3920 SENS - ok
08:45:26.0935 3920 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:45:26.0937 3920 SensrSvc - ok
08:45:26.0948 3920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:45:26.0949 3920 Serenum - ok
08:45:27.0006 3920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:45:27.0007 3920 Serial - ok
08:45:27.0024 3920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:45:27.0025 3920 sermouse - ok
08:45:27.0122 3920 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
08:45:27.0125 3920 SessionEnv - ok
08:45:27.0138 3920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:45:27.0138 3920 sffdisk - ok
08:45:27.0180 3920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:45:27.0181 3920 sffp_mmc - ok
08:45:27.0190 3920 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:45:27.0191 3920 sffp_sd - ok
08:45:27.0246 3920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:45:27.0247 3920 sfloppy - ok
08:45:27.0321 3920 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
08:45:27.0335 3920 ShellHWDetection - ok
08:45:27.0351 3920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:45:27.0352 3920 SiSRaid2 - ok
08:45:27.0369 3920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:45:27.0370 3920 SiSRaid4 - ok
08:45:27.0393 3920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:45:27.0394 3920 Smb - ok
08:45:27.0455 3920 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:45:27.0457 3920 SNMPTRAP - ok
08:45:27.0497 3920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:45:27.0498 3920 spldr - ok
08:45:27.0548 3920 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
08:45:27.0556 3920 Spooler - ok
08:45:27.0700 3920 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
08:45:27.0752 3920 sppsvc - ok
08:45:27.0810 3920 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:45:27.0813 3920 sppuinotify - ok
08:45:27.0873 3920 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
08:45:27.0877 3920 srv - ok
08:45:27.0917 3920 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
08:45:27.0920 3920 srv2 - ok
08:45:27.0956 3920 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
08:45:27.0957 3920 srvnet - ok
08:45:27.0990 3920 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:45:27.0993 3920 SSDPSRV - ok
08:45:28.0014 3920 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:45:28.0016 3920 SstpSvc - ok
08:45:28.0050 3920 Steam Client Service - ok
08:45:28.0075 3920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:45:28.0076 3920 stexstor - ok
08:45:28.0124 3920 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
08:45:28.0141 3920 stisvc - ok
08:45:28.0179 3920 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
08:45:28.0181 3920 storflt - ok
08:45:28.0194 3920 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:45:28.0196 3920 StorSvc - ok
08:45:28.0226 3920 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
08:45:28.0227 3920 storvsc - ok
08:45:28.0246 3920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:45:28.0247 3920 swenum - ok
08:45:28.0280 3920 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:45:28.0299 3920 swprv - ok
08:45:28.0391 3920 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
08:45:28.0422 3920 SysMain - ok
08:45:28.0485 3920 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
08:45:28.0488 3920 TabletInputService - ok
08:45:28.0546 3920 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
08:45:28.0547 3920 tap0901 - ok
08:45:28.0577 3920 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
08:45:28.0583 3920 TapiSrv - ok
08:45:28.0593 3920 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:45:28.0595 3920 TBS - ok
08:45:28.0693 3920 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
08:45:28.0724 3920 Tcpip - ok
08:45:28.0867 3920 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
08:45:28.0878 3920 TCPIP6 - ok
08:45:28.0934 3920 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
08:45:28.0935 3920 tcpipreg - ok
08:45:28.0950 3920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:45:28.0951 3920 TDPIPE - ok
08:45:28.0974 3920 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
08:45:28.0975 3920 TDTCP - ok
08:45:28.0989 3920 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
08:45:28.0990 3920 tdx - ok
08:45:29.0009 3920 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
08:45:29.0011 3920 TermDD - ok
08:45:29.0057 3920 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
08:45:29.0070 3920 TermService - ok
08:45:29.0086 3920 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:45:29.0088 3920 Themes - ok
08:45:29.0109 3920 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:45:29.0110 3920 THREADORDER - ok
08:45:29.0128 3920 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:45:29.0130 3920 TrkWks - ok
08:45:29.0184 3920 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
08:45:29.0187 3920 TrustedInstaller - ok
08:45:29.0203 3920 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:45:29.0205 3920 tssecsrv - ok
08:45:29.0260 3920 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
08:45:29.0262 3920 tunnel - ok
08:45:29.0290 3920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:45:29.0290 3920 uagp35 - ok
08:45:29.0324 3920 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
08:45:29.0326 3920 udfs - ok
08:45:29.0370 3920 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:45:29.0372 3920 UI0Detect - ok
08:45:29.0391 3920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:45:29.0392 3920 uliagpkx - ok
08:45:29.0443 3920 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
08:45:29.0444 3920 umbus - ok
08:45:29.0463 3920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:45:29.0464 3920 UmPass - ok
08:45:29.0512 3920 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
08:45:29.0515 3920 UmRdpService - ok
08:45:29.0544 3920 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:45:29.0558 3920 upnphost - ok
08:45:29.0603 3920 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:45:29.0604 3920 USBAAPL64 - ok
08:45:29.0644 3920 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
08:45:29.0645 3920 usbaudio - ok
08:45:29.0679 3920 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
08:45:29.0681 3920 usbccgp - ok
08:45:29.0715 3920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:45:29.0717 3920 usbcir - ok
08:45:29.0740 3920 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
08:45:29.0742 3920 usbehci - ok
08:45:29.0781 3920 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
08:45:29.0788 3920 usbhub - ok
08:45:29.0812 3920 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
08:45:29.0813 3920 usbohci - ok
08:45:29.0831 3920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:45:29.0832 3920 usbprint - ok
08:45:29.0865 3920 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:45:29.0867 3920 USBSTOR - ok
08:45:29.0880 3920 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:45:29.0881 3920 usbuhci - ok
08:45:29.0905 3920 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:45:29.0907 3920 UxSms - ok
08:45:29.0939 3920 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:45:29.0940 3920 VaultSvc - ok
08:45:29.0975 3920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:45:29.0976 3920 vdrvroot - ok
08:45:30.0013 3920 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
08:45:30.0031 3920 vds - ok
08:45:30.0056 3920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:45:30.0057 3920 vga - ok
08:45:30.0070 3920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:45:30.0072 3920 VgaSave - ok
08:45:30.0096 3920 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:45:30.0099 3920 vhdmp - ok
08:45:30.0127 3920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:45:30.0128 3920 viaide - ok
08:45:30.0166 3920 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
08:45:30.0168 3920 vmbus - ok
08:45:30.0190 3920 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
08:45:30.0191 3920 VMBusHID - ok
08:45:30.0206 3920 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:45:30.0207 3920 volmgr - ok
08:45:30.0254 3920 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:45:30.0257 3920 volmgrx - ok
08:45:30.0286 3920 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:45:30.0290 3920 volsnap - ok
08:45:30.0375 3920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:45:30.0378 3920 vsmraid - ok
08:45:30.0462 3920 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
08:45:30.0487 3920 VSS - ok
08:45:30.0556 3920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:45:30.0557 3920 vwifibus - ok
08:45:30.0588 3920 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:45:30.0601 3920 W32Time - ok
08:45:30.0620 3920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:45:30.0622 3920 WacomPen - ok
08:45:30.0647 3920 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:45:30.0649 3920 WANARP - ok
08:45:30.0654 3920 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:45:30.0655 3920 Wanarpv6 - ok
08:45:30.0754 3920 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:45:30.0770 3920 WatAdminSvc - ok
08:45:30.0847 3920 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
08:45:30.0873 3920 wbengine - ok
08:45:30.0944 3920 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:45:30.0948 3920 WbioSrvc - ok
08:45:30.0986 3920 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
08:45:31.0000 3920 wcncsvc - ok
08:45:31.0017 3920 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:45:31.0019 3920 WcsPlugInService - ok
08:45:31.0054 3920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:45:31.0055 3920 Wd - ok
08:45:31.0098 3920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:45:31.0102 3920 Wdf01000 - ok
08:45:31.0121 3920 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:45:31.0123 3920 WdiServiceHost - ok
08:45:31.0128 3920 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:45:31.0131 3920 WdiSystemHost - ok
08:45:31.0168 3920 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
08:45:31.0177 3920 WebClient - ok
08:45:31.0196 3920 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:45:31.0205 3920 Wecsvc - ok
08:45:31.0220 3920 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:45:31.0222 3920 wercplsupport - ok
08:45:31.0243 3920 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:45:31.0246 3920 WerSvc - ok
08:45:31.0297 3920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:45:31.0298 3920 WfpLwf - ok
08:45:31.0315 3920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:45:31.0316 3920 WIMMount - ok
08:45:31.0324 3920 WinHttpAutoProxySvc - ok
08:45:31.0400 3920 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:45:31.0409 3920 Winmgmt - ok
08:45:31.0485 3920 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
08:45:31.0486 3920 WinRing0_1_2_0 - ok
08:45:31.0580 3920 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
08:45:31.0618 3920 WinRM - ok
08:45:31.0721 3920 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
08:45:31.0722 3920 WinUsb - ok
08:45:31.0780 3920 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:45:31.0797 3920 Wlansvc - ok
08:45:31.0968 3920 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:45:32.0012 3920 wlidsvc - ok
08:45:32.0091 3920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:45:32.0091 3920 WmiAcpi - ok
08:45:32.0134 3920 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:45:32.0137 3920 wmiApSrv - ok
08:45:32.0157 3920 WMPNetworkSvc - ok
08:45:32.0188 3920 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:45:32.0190 3920 WPCSvc - ok
08:45:32.0204 3920 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
08:45:32.0207 3920 WPDBusEnum - ok
08:45:32.0230 3920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:45:32.0231 3920 ws2ifsl - ok
08:45:32.0236 3920 WSearch - ok
08:45:32.0354 3920 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
08:45:32.0370 3920 wuauserv - ok
08:45:32.0440 3920 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:45:32.0441 3920 WudfPf - ok
08:45:32.0460 3920 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:45:32.0461 3920 WUDFRd - ok
08:45:32.0477 3920 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
08:45:32.0479 3920 wudfsvc - ok
08:45:32.0498 3920 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:45:32.0501 3920 WwanSvc - ok
08:45:32.0576 3920 X6va005 - ok
08:45:32.0606 3920 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:45:32.0837 3920 \Device\Harddisk0\DR0 - ok
08:45:32.0844 3920 MBR (0x1B8) (3d221fb8ea3969c061db7c7aafd7321b) \Device\Harddisk1\DR1
08:45:43.0517 3920 \Device\Harddisk1\DR1 - ok
08:45:43.0522 3920 Boot (0x1200) (e037fdd6080d5d1be3e8634ee6e0fefc) \Device\Harddisk0\DR0\Partition0
08:45:43.0524 3920 \Device\Harddisk0\DR0\Partition0 - ok
08:45:43.0537 3920 Boot (0x1200) (910ee31f5288209dbd82dc3046063a62) \Device\Harddisk0\DR0\Partition1
08:45:43.0539 3920 \Device\Harddisk0\DR0\Partition1 - ok
08:45:43.0543 3920 ============================================================
08:45:43.0543 3920 Scan finished
08:45:43.0543 3920 ============================================================
08:45:43.0559 1644 Detected object count: 0
08:45:43.0559 1644 Actual detected object count: 0
08:48:19.0484 1352 Deinitialize success
GMER-
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-13 10:49:35
Windows 6.1.7600
Running: uri9ldyo.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\liftrtb_3[1].js 19644 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\062_THY_ALL_NAT_ALL_TYNoCap_728x90_MSFT[1].gif 16705 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\112139_091[1].jpg 2904 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\gossipcenter_com[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\header[2].jpg 52240 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\forgreatergloryposter[1].jpg 4828 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\Ad.autoLoad[1].js 20802 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\panels[1].js 797 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\yt-no-image[1].gif 739 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ivaplayer-1.1.min[1].js 175995 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\iva_analytics[1].swf 21448 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\glamadapt_srv[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\glamadapt_srv[3].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\geofilter[1].jpg 302 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blake-lively-020711-8[1].jpg 5420 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blake-lively-030511-21[1].jpg 5395 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\blake-lively-040111-8[1].jpg 9217 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\embed[1].xml 16339 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\layout[1].css 6499 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\html-elements[1].css 6474 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\516978990_3[1].jpg 8030 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\user[1].css 1125 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ruby-sparks-movie-image[1].jpg 4562 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ajax_view[1].js 6789 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\twitter_small_logo[1].png 2603 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\557775_148[1].jpg 2140 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\magic_tabs[1].css 1359 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\date[1].css 4010 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\quantv2[2].swf 1591 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\jquery.infinite-carousel[1].js 1621 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\crossdomainCALVC57O.xml 205 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H1K9R9PG.txt 5924 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XQ1MFHQL.txt 1342 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MC1SM0QR.txt 119 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MH88R283.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\47560KG7.txt 179 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\C8K36ESI.txt 101 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YZVK7IB1.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W31IWVN9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HK28ID26.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3B8RHL27.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WRYVZOED.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RWJUV2X9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B9Y3YHHH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KDC2OWBT.txt 0 bytes

---- EOF - GMER 1.0.15 ----
ASWMBR_
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 10:51:20
-----------------------------
10:51:20.883 OS Version: Windows x64 6.1.7600
10:51:20.883 Number of processors: 2 586 0x170A
10:51:20.884 ComputerName: ETHAN-PC UserName: Ethan
10:51:23.571 Initialize success
10:52:18.133 AVAST engine defs: 12061300
10:52:52.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:52:52.172 Disk 0 Vendor: WDC_WD5000AAKS-00WWPA0 01.03B01 Size: 476940MB BusType: 3
10:52:52.188 Disk 0 MBR read successfully
10:52:52.188 Disk 0 MBR scan
10:52:52.188 Disk 0 Windows 7 default MBR code
10:52:52.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:52:52.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:52:52.234 Disk 0 scanning C:\Windows\system32\drivers
10:52:59.208 Service scanning
10:53:15.025 Modules scanning
10:53:15.032 Disk 0 trace - called modules:
10:53:15.042 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:53:15.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ee7060]
10:53:15.052 3 CLASSPNP.SYS[fffff8800186f43f] -> nt!IofCallDriver -> [0xfffffa8004a12520]
10:53:15.107 5 ACPI.sys[fffff88000ec2781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004a13680]
10:53:17.614 AVAST engine scan C:\Windows
10:53:20.890 AVAST engine scan C:\Windows\system32
10:54:59.249 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:55:01.060 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:56:10.354 AVAST engine scan C:\Windows\system32\drivers
10:56:22.179 AVAST engine scan C:\Users\Ethan
11:03:08.366 File: C:\Users\Ethan\Downloads\Youtube Subscriber.exe **INFECTED** Win32:Malware-gen
11:04:21.929 AVAST engine scan C:\ProgramData
11:04:42.639 Scan finished successfully
11:11:45.178 Disk 0 MBR has been saved successfully to "C:\Users\Ethan\Desktop\MBR.dat"
11:11:45.194 The log file has been saved successfully to "C:\Users\Ethan\Desktop\aswMBR.txt"

#4 narenxp


Posted 13 June 2012 - 10:43 AM

Download

SystemLook

Launch it and copy this script in the search BOX

:filefind 
services.exe

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 13 June 2012 - 10:45 AM.


#5 Redirectingme


Posted 13 June 2012 - 03:17 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:50 on 13/06/2012 by Ethan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.13.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ethan :: ETHAN-PC [administrator]

Protection: Enabled

6/13/2012 12:54:01 PM
mbam-log-2012-06-13 (12-54-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380554
Time elapsed: 31 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$R3K2D2F.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$R5K9T7K.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$R7DA0SE.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$REOVRMD.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$ROQP4NM.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4237748992-413711787-1094834161-1000\$RQVBK0Y.exe (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\Installer\{291f560e-69e4-22c5-1f7d-bd5eec1de9a9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

I will start the next ones once I restart comp.



