Svchost.exe Taking Up CPU Memory


4 replies to this topic

#1 Zufox (Members, 5 posts)

Posted 21 December 2011 - 09:35 PM

To start off, I'm running Windows XP SP 3.

OK, well, I had the Windows XP Home Security 2012 virus a couple of days ago, which is scareware that downloads a rogue antivirus in order to get you to purchase a bogus virus remover. I eventually got rid of this virus, but I soon ran into this problem.

Whenever I boot up the computer, within 5 minutes the process svchost.exe begins to grow in memory usage until it eventually prevents my computer from running at more than snail speed. Within 20 minutes it's at 1 GB memory usage and I can't run any programs at all. When I removed the "Windows XP Home Security" virus, I was told to delete more than a few registry values in order to remove it from my system. I'm afraid that this may have caused my current problem.

Steps I've Taken:

1. Thorough virus scan using Malwarebytes' Anti-Malware as well as a couple of other virus scanners.
2. I disabled Windows Update and DNS Client in Services.
3. I've used a couple of programs to repair any problems in my registry.
4. I ran HJT and pasted the logs into an auto-analyzer; it told me that one of my startup files required immediate removal. I haven't done anything yet. I can post logs if needed.

I've tried System Restore as far back as I can, which was only to last Friday for some reason, and I have no registry backups. T.T

Please help me as I really don't want to reformat my computer and have to backup my data + reinstall a ton of programs and drivers.

Thanks.

Edited by hamluis, 22 December 2011 - 09:25 AM.
Moved from XP to Am I Infected.
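The symptom in the post above (one svchost.exe instance growing for twenty minutes until the box is unusable) is easier to chase once you know which service group that instance hosts, because on XP a single svchost.exe can carry a dozen unrelated services. The script below is an added example, not code from the original post or from BleepingComputer: it parses the CSV output of the built-in `tasklist /fo csv` and `tasklist /svc /fo csv` commands taken a few minutes apart, ranks svchost.exe instances by memory growth, and prints the services each suspect hosts. The three snapshots embedded in it are constructed sample data in the shape of that output; the PIDs, sizes and service groupings are illustrative and not taken from the thread.

```python
"""Triage a growing svchost.exe by mapping each instance to the services it
hosts and ranking instances by memory growth between two snapshots.

Added example, not code from the original post. It parses the CSV output of
two built-in Windows commands (available on XP as well):

    tasklist /fo csv          -> "Image Name","PID","Session Name","Session#","Mem Usage"
    tasklist /svc /fo csv     -> "Image Name","PID","Services"

Run the first command twice a few minutes apart, the second once, save the
output, and pass the three files on the command line. The strings below are
constructed sample data in that shape (PIDs, sizes and service groupings are
illustrative, not from the thread).
"""
import csv
import io
import sys
from typing import Dict, List, Tuple

# Constructed sample: `tasklist /fo csv` shortly after boot.
SNAPSHOT_T0 = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","856","Console","0","4,912 K"
"svchost.exe","932","Console","0","22,140 K"
"svchost.exe","1044","Console","0","3,360 K"
"explorer.exe","1520","Console","0","18,200 K"
'''

# Constructed sample: the same command about twenty minutes later.
SNAPSHOT_T1 = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","240 K"
"svchost.exe","856","Console","0","5,004 K"
"svchost.exe","932","Console","0","1,048,576 K"
"svchost.exe","1044","Console","0","3,372 K"
"explorer.exe","1520","Console","0","18,350 K"
'''

# Constructed sample: `tasklist /svc /fo csv`, the services hosted by each PID.
SERVICE_MAP = '''"Image Name","PID","Services"
"svchost.exe","856","DcomLaunch,TermService"
"svchost.exe","932","AudioSrv,BITS,CryptSvc,EventSystem,wuauserv"
"svchost.exe","1044","Dhcp,Dnscache"
"explorer.exe","1520","N/A"
'''


def parse_mem_kb(text: str) -> int:
    """Convert tasklist's '1,048,576 K' into an integer number of kilobytes."""
    return int(text.replace(",", "").split()[0])


def parse_snapshot(csv_text: str) -> Dict[int, Tuple[str, int]]:
    """PID -> (image name, memory in KB) from `tasklist /fo csv` output."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[int(row["PID"])] = (row["Image Name"], parse_mem_kb(row["Mem Usage"]))
    return table


def parse_service_map(csv_text: str) -> Dict[int, List[str]]:
    """PID -> list of hosted service names from `tasklist /svc /fo csv` output."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        services = row["Services"].strip()
        table[int(row["PID"])] = [] if services in ("", "N/A") else services.split(",")
    return table


def rank_growth(t0, t1, services, image="svchost.exe", min_growth_kb=10 * 1024):
    """Return [(pid, growth_kb, hosted services)] for `image` processes whose
    memory grew by at least min_growth_kb between the snapshots, largest first.
    A PID seen only in t1 has nothing to compare against and counts as zero growth."""
    ranked = []
    for pid, (name, mem_t1) in t1.items():
        if name.lower() != image:
            continue
        mem_t0 = t0[pid][1] if pid in t0 else mem_t1
        growth = mem_t1 - mem_t0
        if growth >= min_growth_kb:
            ranked.append((pid, growth, services.get(pid, [])))
    ranked.sort(key=lambda entry: entry[1], reverse=True)
    return ranked


def read_text(path: str) -> str:
    # tasklist writes in the console code page; replace anything undecodable.
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def main(argv):
    if len(argv) == 4:
        t0_text, t1_text, svc_text = (read_text(p) for p in argv[1:])
    else:
        t0_text, t1_text, svc_text = SNAPSHOT_T0, SNAPSHOT_T1, SERVICE_MAP
    suspects = rank_growth(parse_snapshot(t0_text), parse_snapshot(t1_text),
                           parse_service_map(svc_text))
    for pid, growth, hosted in suspects:
        print(f"PID {pid}: +{growth:,} KB  hosts: {', '.join(hosted) or '(none listed)'}")
    if not suspects:
        print("no svchost.exe instance grew past the threshold")


if __name__ == "__main__":
    main(sys.argv)
```

On the sample data this singles out PID 932 and its service group rather than svchost.exe as a whole. From there the usual next step is to stop the services in that group one at a time (`net stop <service>`) between snapshots, or to move a suspected service into its own host process with `sc config <service> type= own` so the next snapshot attributes the growth to a single service. Note that in this thread the eventual cause was a boot-sector rootkit, so narrowing the symptom to a service group localizes the leak but does not replace a rootkit scan.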




#2 Allan (BC Advisor, 8,587 posts)

Posted 22 December 2011 - 08:23 AM

I suggest you post in the Am I Infected forum on this site.

#3 Zufox (Topic Starter)

Posted 22 December 2011 - 10:47 AM

> I suggest you post in the Am I Infected forum on this site.


Hmm, OK. I thought it was just a CPU memory leak resulting from deleting a few registry keys, but I guess it makes sense that it may be some leftover malware.

#4 Zufox (Topic Starter)

Posted 22 December 2011 - 09:36 PM

I'm going to bump this to prevent it from being lost under the mounds of topics. :)

#5 Zufox (Topic Starter)

Posted 23 December 2011 - 12:31 PM

I managed to stop the problem by using TDSSKiller, worked flawlessly. Here's the log if anyone's interested. Mod/Admin, please close this thread.

12:04:15.0265 2856 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:04:15.0687 2856 ============================================================
12:04:15.0687 2856 Current date / time: 2011/12/23 12:04:15.0687
12:04:15.0687 2856 SystemInfo:
12:04:15.0687 2856
12:04:15.0687 2856 OS Version: 5.1.2600 ServicePack: 3.0
12:04:15.0687 2856 Product type: Workstation
12:04:15.0687 2856 ComputerName: ZAINDESKTOP
12:04:15.0687 2856 UserName: Zain
12:04:15.0687 2856 Windows directory: C:\WINDOWS
12:04:15.0687 2856 System windows directory: C:\WINDOWS
12:04:15.0687 2856 Processor architecture: Intel x86
12:04:15.0687 2856 Number of processors: 1
12:04:15.0687 2856 Page size: 0x1000
12:04:15.0687 2856 Boot type: Normal boot
12:04:15.0687 2856 ============================================================
12:04:20.0562 2856 Initialize success
12:04:29.0546 2448 ============================================================
12:04:29.0546 2448 Scan started
12:04:29.0546 2448 Mode: Manual;
12:04:29.0546 2448 ============================================================
12:04:32.0953 2448 Abiosdsk - ok
12:04:33.0265 2448 abp480n5 - ok
12:04:33.0718 2448 ACPI (8fd99A680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:04:33.0765 2448 ACPI - ok
12:04:34.0187 2448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:04:34.0234 2448 ACPIEC - ok
12:04:34.0500 2448 adpu160m - ok
12:04:34.0796 2448 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
12:04:34.0890 2448 aeaudio - ok
12:04:35.0234 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:04:35.0296 2448 aec - ok
12:04:35.0609 2448 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:04:35.0640 2448 AegisP - ok
12:04:36.0000 2448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:04:36.0046 2448 AFD - ok
12:04:36.0406 2448 Aha154x - ok
12:04:36.0750 2448 aic78u2 - ok
12:04:37.0062 2448 aic78xx - ok
12:04:37.0312 2448 AliIde - ok
12:04:37.0625 2448 amsint - ok
12:04:37.0906 2448 asc - ok
12:04:38.0140 2448 asc3350p - ok
12:04:38.0187 2448 asc3550 - ok
12:04:38.0281 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:04:38.0359 2448 AsyncMac - ok
12:04:38.0593 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:04:38.0593 2448 atapi - ok
12:04:38.0812 2448 Atdisk - ok
12:04:39.0093 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:04:39.0109 2448 Atmarpc - ok
12:04:39.0468 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:04:39.0484 2448 audstub - ok
12:04:39.0937 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:04:39.0953 2448 Beep - ok
12:04:40.0421 2448 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:04:40.0453 2448 BthEnum - ok
12:04:40.0875 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:04:40.0890 2448 cbidf2k - ok
12:04:41.0218 2448 cd20xrnt - ok
12:04:41.0703 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:04:41.0703 2448 Cdaudio - ok
12:04:41.0828 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:04:41.0828 2448 Cdfs - ok
12:04:42.0406 2448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:04:42.0421 2448 Cdrom - ok
12:04:42.0703 2448 Changer - ok
12:04:42.0921 2448 CmdIde - ok
12:04:43.0203 2448 Cpqarray - ok
12:04:43.0281 2448 cpudrv - ok
12:04:43.0546 2448 dac2w2k - ok
12:04:43.0843 2448 dac960nt - ok
12:04:44.0218 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:04:44.0250 2448 Disk - ok
12:04:44.0953 2448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:04:45.0406 2448 dmboot - ok
12:04:45.0750 2448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:04:45.0984 2448 dmio - ok
12:04:46.0250 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:04:46.0281 2448 dmload - ok
12:04:46.0625 2448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:04:46.0656 2448 DMusic - ok
12:04:46.0953 2448 dpti2o - ok
12:04:47.0343 2448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:04:47.0375 2448 drmkaud - ok
12:04:47.0625 2448 EagleNT - ok
12:04:48.0000 2448 EagleXNt - ok
12:04:48.0312 2448 EAPPkt - ok
12:04:48.0718 2448 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
12:04:48.0875 2448 EL90X - ok
12:04:49.0296 2448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:04:49.0562 2448 Fastfat - ok
12:04:49.0796 2448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:04:49.0812 2448 Fdc - ok
12:04:50.0156 2448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:04:50.0171 2448 Fips - ok
12:04:50.0546 2448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:04:50.0562 2448 Flpydisk - ok
12:04:51.0015 2448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:04:51.0046 2448 FltMgr - ok
12:04:51.0515 2448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:04:51.0531 2448 Fs_Rec - ok
12:04:51.0921 2448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:04:52.0015 2448 Ftdisk - ok
12:04:52.0531 2448 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:04:52.0562 2448 GEARAspiWDM - ok
12:04:52.0734 2448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:04:52.0765 2448 Gpc - ok
12:04:53.0312 2448 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:04:53.0312 2448 hidusb - ok
12:04:53.0593 2448 hpn - ok
12:04:53.0937 2448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:04:53.0984 2448 HTTP - ok
12:04:54.0390 2448 i2omgmt - ok
12:04:54.0687 2448 i2omp - ok
12:04:55.0093 2448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:04:55.0109 2448 i8042prt - ok
12:04:55.0921 2448 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:04:56.0359 2448 ialm - ok
12:04:56.0484 2448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:04:56.0484 2448 Imapi - ok
12:04:56.0796 2448 ini910u - ok
12:04:57.0093 2448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:04:57.0109 2448 IntelIde - ok
12:04:57.0437 2448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:04:57.0468 2448 Ip6Fw - ok
12:04:57.0843 2448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:04:57.0875 2448 IpFilterDriver - ok
12:04:58.0281 2448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:04:58.0296 2448 IpInIp - ok
12:04:58.0750 2448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:04:58.0812 2448 IpNat - ok
12:04:59.0203 2448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:04:59.0218 2448 IPSec - ok
12:04:59.0703 2448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:04:59.0734 2448 IRENUM - ok
12:05:00.0093 2448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:00.0125 2448 isapnp - ok
12:05:00.0640 2448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:00.0656 2448 Kbdclass - ok
12:05:01.0031 2448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:05:01.0031 2448 kmixer - ok
12:05:01.0390 2448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:01.0406 2448 KSecDD - ok
12:05:01.0765 2448 lbrtfdc - ok
12:05:02.0140 2448 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
12:05:02.0156 2448 MBAMProtector - ok
12:05:02.0625 2448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:02.0656 2448 mnmdd - ok
12:05:03.0046 2448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:05:03.0062 2448 Modem - ok
12:05:03.0437 2448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:03.0437 2448 Mouclass - ok
12:05:03.0546 2448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:03.0687 2448 mouhid - ok
12:05:03.0953 2448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:03.0968 2448 MountMgr - ok
12:05:04.0390 2448 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:05:04.0437 2448 MpFilter - ok
12:05:04.0734 2448 mraid35x - ok
12:05:05.0156 2448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:05.0234 2448 MRxDAV - ok
12:05:05.0843 2448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:05.0984 2448 MRxSmb - ok
12:05:06.0421 2448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:05:06.0437 2448 Msfs - ok
12:05:06.0812 2448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:06.0812 2448 MSKSSRV - ok
12:05:06.0890 2448 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
12:05:07.0015 2448 msloop - ok
12:05:07.0218 2448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:07.0218 2448 MSPCLOCK - ok
12:05:07.0578 2448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:07.0593 2448 MSPQM - ok
12:05:07.0906 2448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:07.0937 2448 mssmbios - ok
12:05:08.0375 2448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:05:08.0421 2448 Mup - ok
12:05:08.0921 2448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:05:08.0968 2448 NDIS - ok
12:05:09.0359 2448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:05:09.0390 2448 NdisTapi - ok
12:05:09.0843 2448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:05:09.0843 2448 Ndisuio - ok
12:05:09.0984 2448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:05:10.0140 2448 NdisWan - ok
12:05:10.0359 2448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:05:10.0390 2448 NDProxy - ok
12:05:10.0703 2448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:05:10.0703 2448 NetBIOS - ok
12:05:11.0125 2448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:05:11.0171 2448 NetBT - ok
12:05:11.0687 2448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:05:11.0703 2448 Npfs - ok
12:05:12.0328 2448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:05:12.0500 2448 Ntfs - ok
12:05:12.0890 2448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:05:12.0921 2448 Null - ok
12:05:13.0359 2448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:05:13.0375 2448 NwlnkFlt - ok
12:05:13.0500 2448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:05:13.0546 2448 NwlnkFwd - ok
12:05:13.0828 2448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:05:13.0859 2448 Parport - ok
12:05:14.0234 2448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:05:14.0250 2448 PartMgr - ok
12:05:14.0593 2448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:05:14.0609 2448 ParVdm - ok
12:05:15.0031 2448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:05:15.0062 2448 PCI - ok
12:05:15.0359 2448 PCIDump - ok
12:05:15.0765 2448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
12:05:15.0781 2448 PCIIde - ok
12:05:16.0218 2448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:05:16.0250 2448 Pcmcia - ok
12:05:16.0562 2448 PDCOMP - ok
12:05:16.0734 2448 PDFRAME - ok
12:05:16.0781 2448 PDRELI - ok
12:05:16.0796 2448 PDRFRAME - ok
12:05:16.0812 2448 perc2 - ok
12:05:16.0843 2448 perc2hib - ok
12:05:16.0937 2448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:16.0953 2448 PptpMiniport - ok
12:05:17.0234 2448 PROCEXP151 - ok
12:05:17.0515 2448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:17.0531 2448 PSched - ok
12:05:17.0796 2448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:17.0828 2448 Ptilink - ok
12:05:18.0015 2448 ql1080 - ok
12:05:18.0390 2448 Ql10wnt - ok
12:05:18.0687 2448 ql12160 - ok
12:05:18.0984 2448 ql1240 - ok
12:05:19.0281 2448 ql1280 - ok
12:05:19.0640 2448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:19.0656 2448 RasAcd - ok
12:05:20.0000 2448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:20.0031 2448 Rasl2tp - ok
12:05:20.0171 2448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:20.0203 2448 RasPppoe - ok
12:05:20.0531 2448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:20.0531 2448 Raspti - ok
12:05:20.0890 2448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:20.0937 2448 Rdbss - ok
12:05:21.0343 2448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:21.0375 2448 RDPCDD - ok
12:05:21.0843 2448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:05:21.0890 2448 rdpdr - ok
12:05:22.0343 2448 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:22.0421 2448 RDPWD - ok
12:05:22.0796 2448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:22.0796 2448 redbook - ok
12:05:23.0187 2448 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:05:23.0203 2448 RFCOMM - ok
12:05:23.0531 2448 RTLWUSB (f162277dc3d052f2da9c6df85eec3630) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
12:05:23.0687 2448 RTLWUSB - ok
12:05:23.0859 2448 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:05:23.0890 2448 SASDIFSV - ok
12:05:24.0109 2448 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:05:24.0171 2448 SASKUTIL - ok
12:05:24.0546 2448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:24.0562 2448 Secdrv - ok
12:05:24.0984 2448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:05:25.0000 2448 serenum - ok
12:05:25.0500 2448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:05:25.0531 2448 Serial - ok
12:05:26.0015 2448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:26.0031 2448 Sfloppy - ok
12:05:26.0343 2448 Simbad - ok
12:05:26.0984 2448 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
12:05:27.0156 2448 smwdm - ok
12:05:27.0234 2448 Sparrow - ok
12:05:27.0359 2448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:05:27.0359 2448 splitter - ok
12:05:28.0046 2448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:28.0125 2448 sr - ok
12:05:28.0781 2448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:28.0906 2448 Srv - ok
12:05:29.0296 2448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:29.0312 2448 swenum - ok
12:05:29.0703 2448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:05:29.0734 2448 swmidi - ok
12:05:30.0093 2448 symc810 - ok
12:05:30.0343 2448 symc8xx - ok
12:05:30.0578 2448 sym_hi - ok
12:05:30.0953 2448 sym_u3 - ok
12:05:31.0421 2448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:31.0468 2448 sysaudio - ok
12:05:31.0937 2448 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
12:05:31.0953 2448 taphss - ok
12:05:32.0375 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:32.0531 2448 Tcpip - ok
12:05:32.0937 2448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:32.0953 2448 TDPIPE - ok
12:05:33.0281 2448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:33.0296 2448 TDTCP - ok
12:05:33.0687 2448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:33.0718 2448 TermDD - ok
12:05:34.0296 2448 TosIde - ok
12:05:34.0953 2448 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
12:05:34.0984 2448 tunmp - ok
12:05:35.0453 2448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:05:35.0453 2448 Udfs - ok
12:05:35.0546 2448 ultra - ok
12:05:35.0796 2448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:05:35.0843 2448 Update - ok
12:05:36.0234 2448 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:05:36.0250 2448 USBAAPL - ok
12:05:36.0625 2448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:36.0640 2448 usbehci - ok
12:05:37.0109 2448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:37.0125 2448 usbhub - ok
12:05:37.0656 2448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:05:37.0703 2448 usbscan - ok
12:05:38.0437 2448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:05:38.0453 2448 USBSTOR - ok
12:05:39.0015 2448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:05:39.0062 2448 usbuhci - ok
12:05:39.0656 2448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:05:39.0656 2448 VgaSave - ok
12:05:39.0796 2448 ViaIde - ok
12:05:40.0281 2448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:05:40.0328 2448 VolSnap - ok
12:05:40.0687 2448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:05:40.0703 2448 Wanarp - ok
12:05:40.0953 2448 wanatw - ok
12:05:41.0265 2448 WDICA - ok
12:05:41.0671 2448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:05:41.0703 2448 wdmaud - ok
12:05:42.0171 2448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:05:42.0203 2448 WS2IFSL - ok
12:05:42.0921 2448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:05:43.0000 2448 WudfPf - ok
12:05:43.0421 2448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:05:43.0453 2448 WudfRd - ok
12:05:43.0531 2448 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
12:05:43.0609 2448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:05:43.0609 2448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:05:43.0609 2448 Boot (0x1200) (c2d2c0afe857ec7d0349367c06d55d9a) \Device\Harddisk0\DR0\Partition0
12:05:43.0609 2448 \Device\Harddisk0\DR0\Partition0 - ok
12:05:43.0625 2448 ============================================================
12:05:43.0625 2448 Scan finished
12:05:43.0625 2448 ============================================================
12:05:43.0640 0900 Detected object count: 1
12:05:43.0640 0900 Actual detected object count: 1
12:05:55.0609 0900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:05:55.0781 0900 \Device\Harddisk0\DR0 - ok
12:05:55.0781 0900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:06:01.0640 4024 Deinitialize success
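The interesting part of a log like the one above is a handful of lines near the end: the MBR and boot-sector hashes, the `- infected` / `- detected` verdicts and the cure action, while the hundreds of `<driver> - ok` lines are noise. The script below is an added example, not part of the original post and not TDSSKiller's own code. It pulls those verdict and hash lines out of the log (the embedded SAMPLE_LOG is the tail of the log posted above) and then shows the check a practitioner wants after a cure: hash the bootstrap code of an MBR image and compare it with the hash the log recorded while the disk was infected. Two assumptions of mine, not stated anywhere on this page: that a log line has the form `HH:MM:SS.mmmm <thread id> <message>`, and that the `MBR (0x1B8) (<md5>) <device>` line is the MD5 of the first 0x1B8 = 440 bytes of sector 0, which is the bootstrap code that precedes the disk signature and partition table. The 512-byte MBR image in the demo is constructed, not read from the poster's disk.

```python
"""Extract verdicts and sector hashes from a TDSSKiller log, then sanity-check
an MBR image against the logged bootstrap-code hash.

Added example, not part of the original post or of TDSSKiller. Assumptions
(mine, not documented on the page): a log line is
`HH:MM:SS.mmmm <thread-id> <message>`, and `MBR (0x1B8) (<md5>) <device>`
is the MD5 of the first 0x1B8 = 440 bytes of sector 0 (the bootstrap code,
which ends where the 4-byte disk signature at 0x1B8 begins).
"""
import hashlib
import re
import struct
from typing import Dict, List, Tuple

# Tail of the log posted in the thread; the rest of the file is driver lines.
SAMPLE_LOG = r"""
12:05:43.0531 2448 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
12:05:43.0609 2448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:05:43.0609 2448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:05:43.0609 2448 Boot (0x1200) (c2d2c0afe857ec7d0349367c06d55d9a) \Device\Harddisk0\DR0\Partition0
12:05:43.0609 2448 \Device\Harddisk0\DR0\Partition0 - ok
12:05:43.0640 0900 Detected object count: 1
12:05:55.0609 0900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:05:55.0781 0900 \Device\Harddisk0\DR0 - ok
12:05:55.0781 0900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

LOG_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<msg>.+)$")
HASH_LINE = re.compile(r"^(?P<what>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<dev>\S+)$")
THREAT_IN_PARENS = re.compile(r"\( (?P<name>\S+) \)")
THREAT_AFTER_DETECTED = re.compile(r"detected (?P<name>\S+)")
VERDICT_MARKERS = (" - infected", " - detected ", " - will be cured", " - User select action:")


def parse_log(text: str) -> Tuple[List[dict], Dict[str, Tuple[str, int, str]]]:
    """Return (verdict events, {device: (region, bytes hashed, md5)}).
    Plain driver lines such as 'ACPI - ok' are skipped; only detections, cure
    actions and the MBR / boot-sector hash lines are kept."""
    events, hashes = [], {}
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        h = HASH_LINE.match(msg)
        if h:
            hashes[h.group("dev")] = (h.group("what"), int(h.group("size"), 16),
                                      h.group("md5").lower())
            continue
        if not any(marker in msg for marker in VERDICT_MARKERS):
            continue
        obj, status = msg.split(" - ", 1)
        obj = obj.split(" ", 1)[0]  # drop the '( Threat.Name )' suffix when present
        t = THREAT_IN_PARENS.search(msg) or THREAT_AFTER_DETECTED.search(msg)
        events.append({"time": m.group("ts"), "object": obj,
                       "threat": t.group("name") if t else None, "status": status})
    return events, hashes


BOOTCODE_LEN = 0x1B8    # 440 bytes of bootstrap code (assumed to be what the log hashes)
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
MBR_LEN = 512


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed 512-byte MBR for the demo: caller-supplied bootstrap code,
    a fixed disk signature, one active type-0x07 partition and the 0x55AA tail."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code must fit in 440 bytes")
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    # status 0x80 (active), CHS start, type 0x07, CHS end, LBA start 63, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0x01FFFFFF)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xAA"


def check_mbr(image: bytes, logged_md5: str) -> dict:
    """Structural checks plus the bootstrap-code MD5 compared with the hash the
    log recorded while infected. Equal means the same boot code is still in
    place; different means it was replaced (by the cure or by something else,
    which only a comparison against a known-good baseline can settle)."""
    length_ok = len(image) == MBR_LEN
    bootcode_md5 = hashlib.md5(image[:BOOTCODE_LEN]).hexdigest()
    active = [i for i in range(4) if length_ok and image[PART_TABLE_OFF + 16 * i] == 0x80]
    return {
        "length_ok": length_ok,
        "boot_signature_ok": image[510:512] == b"\x55\xAA",
        "active_partitions": active,
        "bootcode_md5": bootcode_md5,
        "same_as_logged": bootcode_md5 == logged_md5.lower(),
    }


if __name__ == "__main__":
    events, hashes = parse_log(SAMPLE_LOG)
    for e in events:
        print(f"{e['time']} {e['object']} {e['threat']}: {e['status']}")
    region, size, md5 = hashes[r"\Device\Harddisk0\DR0"]
    print(f"log hashed {size} bytes of the {region}: {md5}")
    # Constructed stub (cli; xor ax,ax; hlt). A real image comes from a raw read of
    # sector 0, ideally from a clean boot medium rather than the suspect OS.
    print(check_mbr(build_sample_mbr(b"\xfa\x31\xc0\xf4"), md5))
```

Two things worth noticing when reading the real log with this in hand. First, TDSSKiller reported the partition boot sector (`\Device\Harddisk0\DR0\Partition0`) as clean and flagged only sector 0, so the cure replaces the MBR bootstrap code and takes effect at reboot; re-running the scan afterwards should show no detection and a different `MBR (0x1B8)` hash from the one recorded here. Second, a live boot rootkit in this family can filter disk reads from inside the running system, so a raw read of sector 0 taken for comparison is only trustworthy from a clean boot environment, which is also why the cure is deferred to reboot rather than applied in place.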



