Trojan.Dropper.BCMiner



#1 Ryne


Posted 15 July 2012 - 10:09 AM

Hello, I've had a Trojan for a few days that just won't go away. I have Windows Vista, and use Firefox. Other users on the computer use Internet Explorer. I keep getting popups on some websites, and I occasionally get redirected when trying to click links on Google. I believe it may have come from a Java update, but I'm not 100% certain.
Malwarebytes detects it, and says that it deletes it; however, when I scan again it comes up again. Here is the most recent Malwarebytes scan.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ryne :: LIVING-ROOM [administrator]

7/15/2012 10:23:18 AM
mbam-log-2012-07-15 (10-23-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302476
Time elapsed: 29 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{21b6760b-0e45-468c-4d5a-1134602cc8f9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Any help is appreciated, and I'll be checking this thread every few hours. Thanks.

Edited by Ryne, 15 July 2012 - 10:15 AM.




#2 narenxp


Posted 15 July 2012 - 10:31 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Ryne


Posted 15 July 2012 - 09:36 PM

Alright this took a while. I don't think the aswMBR finished scanning, but it kept... stopping I guess? I exited and ran it again several times, but it kept happening. I even let it run for 45 minutes and it never changed what it said it was scanning.

Also I suspect my anti-virus might have interfered with the ESET, but I'm not sure. It came up when ESET and aswMBR detected the Trojan Horses, however it warned that forcing the deletion could cause system instability or failure so I was cautious. It came up again when the ESET finished. I have AVG Internet Security 2012 btw.

TDSSKiller

13:32:41.0685 4444 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
13:32:42.0075 4444 ============================================================
13:32:42.0075 4444 Current date / time: 2012/07/15 13:32:42.0075
13:32:42.0075 4444 SystemInfo:
13:32:42.0075 4444
13:32:42.0075 4444 OS Version: 6.0.6002 ServicePack: 2.0
13:32:42.0075 4444 Product type: Workstation
13:32:42.0075 4444 ComputerName: LIVING-ROOM
13:32:42.0075 4444 UserName: Ryne
13:32:42.0075 4444 Windows directory: C:\Windows
13:32:42.0075 4444 System windows directory: C:\Windows
13:32:42.0075 4444 Running under WOW64
13:32:42.0075 4444 Processor architecture: Intel x64
13:32:42.0075 4444 Number of processors: 1
13:32:42.0075 4444 Page size: 0x1000
13:32:42.0075 4444 Boot type: Normal boot
13:32:42.0075 4444 ============================================================
13:32:43.0760 4444 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:43.0760 4444 ============================================================
13:32:43.0760 4444 \Device\Harddisk0\DR0:
13:32:43.0760 4444 MBR partitions:
13:32:43.0760 4444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
13:32:43.0760 4444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
13:32:43.0760 4444 ============================================================
13:32:43.0822 4444 C: <-> \Device\Harddisk0\DR0\Partition1
13:32:43.0869 4444 D: <-> \Device\Harddisk0\DR0\Partition0
13:32:43.0869 4444 ============================================================
13:32:43.0869 4444 Initialize success
13:32:43.0869 4444 ============================================================
13:33:14.0741 4672 ============================================================
13:33:14.0741 4672 Scan started
13:33:14.0741 4672 Mode: Manual; TDLFS;
13:33:14.0741 4672 ============================================================
13:33:41.0183 4672 Parport - ok
13:33:41.0230 4672 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:33:41.0246 4672 partmgr - ok
13:33:41.0355 4672 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
13:33:41.0370 4672 PcaSvc - ok
13:33:41.0714 4672 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:33:41.0714 4672 pci - ok
13:33:41.0760 4672 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:33:41.0776 4672 pciide - ok
13:33:41.0823 4672 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:33:41.0870 4672 pcmcia - ok
13:33:41.0916 4672 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:33:41.0948 4672 PEAUTH - ok
13:33:42.0010 4672 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
13:33:42.0010 4672 PerfHost - ok
13:33:42.0119 4672 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
13:33:42.0150 4672 pla - ok
13:33:42.0213 4672 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
13:33:42.0228 4672 PlugPlay - ok
13:33:42.0306 4672 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:42.0322 4672 PNRPAutoReg - ok
13:33:42.0338 4672 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:42.0353 4672 PNRPsvc - ok
13:33:42.0431 4672 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
13:33:42.0462 4672 PolicyAgent - ok
13:33:42.0540 4672 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:42.0540 4672 PptpMiniport - ok
13:33:42.0587 4672 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:33:42.0603 4672 Processor - ok
13:33:42.0650 4672 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
13:33:42.0681 4672 ProfSvc - ok
13:33:42.0743 4672 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:42.0743 4672 ProtectedStorage - ok
13:33:42.0790 4672 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:33:42.0790 4672 PSched - ok
13:33:42.0837 4672 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:33:42.0837 4672 PxHlpa64 - ok
13:33:43.0024 4672 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:33:43.0040 4672 ql2300 - ok
13:33:43.0071 4672 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:33:43.0118 4672 ql40xx - ok
13:33:43.0164 4672 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
13:33:43.0211 4672 QWAVE - ok
13:33:43.0227 4672 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:33:43.0227 4672 QWAVEdrv - ok
13:33:43.0242 4672 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:43.0242 4672 RasAcd - ok
13:33:43.0274 4672 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
13:33:43.0289 4672 RasAuto - ok
13:33:43.0352 4672 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:43.0352 4672 Rasl2tp - ok
13:33:43.0430 4672 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
13:33:43.0476 4672 RasMan - ok
13:33:43.0523 4672 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:43.0523 4672 RasPppoe - ok
13:33:43.0570 4672 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:43.0570 4672 RasSstp - ok
13:33:43.0632 4672 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:43.0632 4672 rdbss - ok
13:33:43.0664 4672 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:43.0664 4672 RDPCDD - ok
13:33:43.0726 4672 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:33:43.0742 4672 rdpdr - ok
13:33:43.0757 4672 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:33:43.0757 4672 RDPENCDD - ok
13:33:43.0804 4672 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
13:33:43.0820 4672 RDPWD - ok
13:33:43.0866 4672 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
13:33:43.0866 4672 RemoteAccess - ok
13:33:43.0929 4672 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
13:33:43.0929 4672 RemoteRegistry - ok
13:33:43.0960 4672 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
13:33:43.0960 4672 RpcLocator - ok
13:33:44.0038 4672 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:33:44.0054 4672 RpcSs - ok
13:33:44.0069 4672 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:44.0069 4672 rspndr - ok
13:33:44.0334 4672 RTL8169 (335352091acc9884b9c527edcdd643bb) C:\Windows\system32\DRIVERS\Rtlh64.sys
13:33:44.0350 4672 RTL8169 - ok
13:33:44.0428 4672 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:44.0444 4672 SamSs - ok
13:33:44.0506 4672 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:33:44.0522 4672 sbp2port - ok
13:33:44.0693 4672 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:33:44.0740 4672 SBSDWSCService - ok
13:33:44.0818 4672 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
13:33:44.0818 4672 SCardSvr - ok
13:33:44.0912 4672 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
13:33:44.0927 4672 Schedule - ok
13:33:44.0990 4672 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:33:44.0990 4672 SCPolicySvc - ok
13:33:45.0021 4672 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
13:33:45.0036 4672 SDRSVC - ok
13:33:45.0083 4672 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:33:45.0099 4672 SeaPort - ok
13:33:45.0130 4672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:33:45.0130 4672 secdrv - ok
13:33:45.0146 4672 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
13:33:45.0146 4672 seclogon - ok
13:33:45.0177 4672 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
13:33:45.0177 4672 SENS - ok
13:33:45.0192 4672 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys
13:33:45.0208 4672 Serenum - ok
13:33:45.0239 4672 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:33:45.0255 4672 Serial - ok
13:33:45.0302 4672 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:33:45.0317 4672 sermouse - ok
13:33:45.0348 4672 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
13:33:45.0348 4672 SessionEnv - ok
13:33:45.0364 4672 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:33:45.0380 4672 sffdisk - ok
13:33:45.0395 4672 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:45.0411 4672 sffp_mmc - ok
13:33:45.0426 4672 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:33:45.0442 4672 sffp_sd - ok
13:33:45.0489 4672 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:33:45.0489 4672 sfloppy - ok
13:33:45.0567 4672 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
13:33:45.0598 4672 ShellHWDetection - ok
13:33:45.0629 4672 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:33:45.0645 4672 SiSRaid2 - ok
13:33:45.0676 4672 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:33:45.0692 4672 SiSRaid4 - ok
13:33:45.0910 4672 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
13:33:45.0957 4672 slsvc - ok
13:33:46.0082 4672 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
13:33:46.0082 4672 SLUINotify - ok
13:33:46.0144 4672 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:33:46.0144 4672 Smb - ok
13:33:46.0175 4672 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
13:33:46.0191 4672 SNMPTRAP - ok
13:33:46.0238 4672 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:33:46.0238 4672 spldr - ok
13:33:46.0284 4672 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
13:33:46.0284 4672 Spooler - ok
13:33:46.0362 4672 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:33:46.0378 4672 srv - ok
13:33:46.0425 4672 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:33:46.0440 4672 srv2 - ok
13:33:46.0472 4672 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:46.0487 4672 srvnet - ok
13:33:46.0518 4672 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
13:33:46.0534 4672 SSDPSRV - ok
13:33:46.0565 4672 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
13:33:46.0565 4672 SstpSvc - ok
13:33:46.0628 4672 Steam Client Service - ok
13:33:46.0690 4672 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
13:33:46.0752 4672 stisvc - ok
13:33:46.0815 4672 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:33:46.0815 4672 stllssvr - ok
13:33:46.0846 4672 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:33:46.0862 4672 swenum - ok
13:33:46.0940 4672 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
13:33:46.0955 4672 swprv - ok
13:33:46.0971 4672 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:33:46.0986 4672 Symc8xx - ok
13:33:47.0033 4672 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:33:47.0049 4672 Sym_hi - ok
13:33:47.0064 4672 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:33:47.0080 4672 Sym_u3 - ok
13:33:47.0314 4672 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
13:33:47.0330 4672 SysMain - ok
13:33:47.0376 4672 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:33:47.0392 4672 TabletInputService - ok
13:33:47.0454 4672 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
13:33:47.0470 4672 TapiSrv - ok
13:33:47.0501 4672 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:33:47.0501 4672 TBS - ok
13:33:47.0657 4672 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
13:33:47.0688 4672 Tcpip - ok
13:33:47.0829 4672 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:47.0844 4672 Tcpip6 - ok
13:33:47.0938 4672 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:33:47.0938 4672 tcpipreg - ok
13:33:47.0969 4672 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:33:47.0969 4672 TDPIPE - ok
13:33:48.0000 4672 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:33:48.0000 4672 TDTCP - ok
13:33:48.0141 4672 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:33:48.0141 4672 tdx - ok
13:33:48.0234 4672 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:33:48.0250 4672 TermDD - ok
13:33:48.0328 4672 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
13:33:48.0344 4672 TermService - ok
13:33:48.0390 4672 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
13:33:48.0406 4672 Themes - ok
13:33:48.0422 4672 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:33:48.0422 4672 THREADORDER - ok
13:33:48.0453 4672 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:33:48.0468 4672 TrkWks - ok
13:33:48.0578 4672 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
13:33:48.0578 4672 TrustedInstaller - ok
13:33:48.0609 4672 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:48.0609 4672 tssecsrv - ok
13:33:48.0656 4672 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:33:48.0656 4672 tunmp - ok
13:33:48.0687 4672 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:48.0702 4672 tunnel - ok
13:33:48.0718 4672 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:33:48.0734 4672 uagp35 - ok
13:33:48.0796 4672 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:33:48.0812 4672 udfs - ok
13:33:48.0843 4672 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:33:48.0843 4672 UI0Detect - ok
13:33:48.0890 4672 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:33:48.0890 4672 uliagpkx - ok
13:33:48.0936 4672 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:33:48.0952 4672 uliahci - ok
13:33:48.0999 4672 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:33:49.0030 4672 UlSata - ok
13:33:49.0077 4672 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:33:49.0092 4672 ulsata2 - ok
13:33:49.0124 4672 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:33:49.0139 4672 umbus - ok
13:33:49.0170 4672 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:33:49.0186 4672 upnphost - ok
13:33:49.0248 4672 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:33:49.0264 4672 USBAAPL64 - ok
13:33:49.0311 4672 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:49.0326 4672 usbccgp - ok
13:33:49.0342 4672 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:33:49.0373 4672 usbcir - ok
13:33:49.0467 4672 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:49.0482 4672 usbehci - ok
13:33:49.0529 4672 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:49.0560 4672 usbhub - ok
13:33:49.0576 4672 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:33:49.0592 4672 usbohci - ok
13:33:49.0623 4672 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:49.0623 4672 usbprint - ok
13:33:49.0701 4672 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:49.0748 4672 USBSTOR - ok
13:33:49.0794 4672 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:49.0794 4672 usbuhci - ok
13:33:49.0904 4672 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
13:33:49.0919 4672 UxSms - ok
13:33:50.0262 4672 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
13:33:50.0278 4672 vds - ok
13:33:50.0325 4672 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:50.0340 4672 vga - ok
13:33:50.0372 4672 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:33:50.0372 4672 VgaSave - ok
13:33:50.0403 4672 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:33:50.0403 4672 viaide - ok
13:33:50.0450 4672 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:33:50.0450 4672 volmgr - ok
13:33:50.0528 4672 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:33:50.0543 4672 volmgrx - ok
13:33:50.0621 4672 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:33:50.0621 4672 volsnap - ok
13:33:50.0668 4672 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:33:50.0699 4672 vsmraid - ok
13:33:50.0949 4672 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
13:33:50.0980 4672 VSS - ok
13:33:51.0105 4672 VST64HWBS2 (23de6f86133361c8dd5410e08a32bb3e) C:\Windows\system32\DRIVERS\VSTBS26.SYS
13:33:51.0136 4672 VST64HWBS2 - ok
13:33:51.0230 4672 VST64_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:33:51.0276 4672 VST64_DPV - ok
13:33:51.0464 4672 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
13:33:51.0479 4672 vToolbarUpdater11.2.0 - ok
13:33:51.0604 4672 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
13:33:51.0635 4672 W32Time - ok
13:33:51.0729 4672 W3SVC (1ed89751bbc0b2a050b6367a613c1c51) C:\Windows\system32\inetsrv\iisw3adm.dll
13:33:51.0744 4672 W3SVC - ok
13:33:51.0776 4672 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:33:51.0791 4672 WacomPen - ok
13:33:51.0869 4672 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0885 4672 Wanarp - ok
13:33:51.0885 4672 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0885 4672 Wanarpv6 - ok
13:33:51.0900 4672 WAS (1ed89751bbc0b2a050b6367a613c1c51) C:\Windows\system32\inetsrv\iisw3adm.dll
13:33:51.0900 4672 WAS - ok
13:33:51.0947 4672 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
13:33:51.0963 4672 wcncsvc - ok
13:33:51.0994 4672 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:33:51.0994 4672 WcsPlugInService - ok
13:33:52.0025 4672 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:33:52.0041 4672 Wd - ok
13:33:52.0119 4672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:52.0134 4672 Wdf01000 - ok
13:33:52.0150 4672 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:33:52.0166 4672 WdiServiceHost - ok
13:33:52.0166 4672 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:33:52.0166 4672 WdiSystemHost - ok
13:33:52.0197 4672 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
13:33:52.0197 4672 WebClient - ok
13:33:52.0259 4672 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:33:52.0275 4672 Wecsvc - ok
13:33:52.0306 4672 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:33:52.0322 4672 wercplsupport - ok
13:33:52.0353 4672 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
13:33:52.0368 4672 WerSvc - ok
13:33:52.0556 4672 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:33:52.0602 4672 winachsf - ok
13:33:52.0618 4672 WinHttpAutoProxySvc - ok
13:33:52.0727 4672 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
13:33:52.0758 4672 Winmgmt - ok
13:33:52.0930 4672 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:33:52.0992 4672 WinRM - ok
13:33:53.0211 4672 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
13:33:53.0226 4672 WinUSB - ok
13:33:53.0320 4672 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
13:33:53.0336 4672 Wlansvc - ok
13:33:53.0523 4672 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:33:53.0570 4672 wlidsvc - ok
13:33:53.0648 4672 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:33:53.0663 4672 WmiAcpi - ok
13:33:53.0757 4672 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:53.0772 4672 wmiApSrv - ok
13:33:53.0804 4672 WMPNetworkSvc - ok
13:33:53.0882 4672 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:33:53.0928 4672 WPCSvc - ok
13:33:54.0053 4672 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
13:33:54.0053 4672 WPDBusEnum - ok
13:33:54.0100 4672 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:33:54.0100 4672 WpdUsb - ok
13:33:54.0412 4672 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:33:54.0443 4672 WPFFontCache_v0400 - ok
13:33:54.0490 4672 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:54.0490 4672 ws2ifsl - ok
13:33:54.0506 4672 WSearch - ok
13:33:54.0693 4672 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:33:54.0740 4672 wuauserv - ok
13:33:54.0849 4672 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:33:54.0864 4672 WudfPf - ok
13:33:54.0942 4672 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:54.0958 4672 WUDFRd - ok
13:33:54.0989 4672 wudfsvc (3dcc7bf5afa921b479e622bd999121f3) C:\Windows\System32\WUDFSvc.dll
13:33:55.0005 4672 wudfsvc - ok
13:33:55.0052 4672 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
13:33:55.0052 4672 XAudio - ok
13:33:55.0098 4672 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
13:33:55.0114 4672 XAudioService - ok
13:33:55.0660 4672 ZuneNetworkSvc (9d6545a29f9e556e3eb7b2b565612b9a) c:\Program Files\Zune\ZuneNss.exe
13:33:55.0785 4672 ZuneNetworkSvc - ok
13:33:55.0925 4672 ZuneWlanCfgSvc (a462202521d21127910f51d1c2bbe1ae) c:\Windows\system32\ZuneWlanCfgSvc.exe
13:33:56.0003 4672 ZuneWlanCfgSvc - ok
13:33:56.0034 4672 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:33:56.0331 4672 \Device\Harddisk0\DR0 - ok
13:33:56.0362 4672 Boot (0x1200) (9312327257205d3f1a3b9b9dd8567354) \Device\Harddisk0\DR0\Partition0
13:33:56.0378 4672 \Device\Harddisk0\DR0\Partition0 - ok
13:33:56.0378 4672 Boot (0x1200) (d9d0dc8310b5f494b1b46e0c5eb5fe2d) \Device\Harddisk0\DR0\Partition1
13:33:56.0378 4672 \Device\Harddisk0\DR0\Partition1 - ok
13:33:56.0378 4672 ============================================================
13:33:56.0378 4672 Scan finished
13:33:56.0378 4672 ============================================================
13:33:56.0409 4664 Detected object count: 0
13:33:56.0409 4664 Actual detected object count: 0

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 16:39:43
-----------------------------
16:39:43.455 OS Version: Windows x64 6.0.6002 Service Pack 2
16:39:43.455 Number of processors: 1 586 0x1601
16:39:43.455 ComputerName: LIVING-ROOM UserName: Ryne
16:39:45.670 Initialize success
16:39:59.367 AVAST engine defs: 12071500
16:40:02.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:40:02.565 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
16:40:02.674 Disk 0 MBR read successfully
16:40:02.689 Disk 0 MBR scan
16:40:02.689 Disk 0 Windows VISTA default MBR code
16:40:02.705 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:40:02.736 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:40:02.783 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
16:40:02.923 Disk 0 scanning C:\Windows\system32\drivers
16:40:46.308 Service scanning
16:41:15.996 Modules scanning
16:41:16.027 Disk 0 trace - called modules:
16:41:16.058 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
16:41:16.573 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80037cb3c0]
16:41:16.573 3 CLASSPNP.SYS[fffffa6000fd5c33] -> nt!IofCallDriver -> [0xfffffa80026cc520]
16:41:16.589 5 acpi.sys[fffffa60008c9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80026b3060]
16:41:17.837 AVAST engine scan C:\Windows
16:42:22.893 AVAST engine scan C:\Windows\system32
16:49:01.839 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:49:15.474 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:54:22.887 AVAST engine scan C:\Windows\system32\drivers
16:56:07.314 AVAST engine scan C:\Users\Ryne
17:45:34.737 Disk 0 MBR has been saved successfully to "C:\Users\Ryne\Documents\MBR.dat"
17:45:34.862 The log file has been saved successfully to "C:\Users\Ryne\Documents\aswMBR.txt"

ESET
C:\Users\Doug\AppData\Local\Temp\hD7_m1A1.exe.part a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Doug\AppData\Local\Temp\Q+bGKNAG.exe.part a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Doug\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Doug\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kaye\AppData\Local\Temp\ICReinstall\cnet2_parentalcontrolsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Kaye\Favorites\Downloads\cnet2_parentalcontrolsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Ryne\Downloads\SoftonicDownloader66221.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Windows\Installer\{21b6760b-0e45-468c-4d5a-1134602cc8f9}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{21b6760b-0e45-468c-4d5a-1134602cc8f9}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{21b6760b-0e45-468c-4d5a-1134602cc8f9}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan


I'll check the thread again in the morning before I go to work, thanks for all the help so far.

Edited by Ryne, 15 July 2012 - 09:37 PM.


#4 narenxp


Posted 15 July 2012 - 09:39 PM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 Ryne


Posted 16 July 2012 - 08:23 PM

Thanks man, I'll take some time tomorrow and try and do that.
Though I might just end up upgrading to a new computer.
Out of curiosity, if I transferred my pictures (jpg, png, and gif), my videos, my music, and my Firefox favorites via USB, would I risk infecting the new computer?

#6 narenxp


Posted 16 July 2012 - 08:27 PM

Out of curiosity, if I transferred my pictures (jpg, png, and gif), my videos, my music, and my Firefox favorites via USB, would I risk infecting the new computer?


Nope.

This is not a difficult one to remove. I would suggest you stick to my previous instructions.

Good luck

#7 Ryne


Posted 17 July 2012 - 12:47 AM

Alright, hopefully I'll have the time to do it tomorrow.
Thanks again for the assistance.

#8 narenxp


Posted 17 July 2012 - 12:51 AM

:thumbup2:
