multiple redirects after SMART HDD removal


3 replies to this topic

#1 adon1s

Posted 02 April 2012 - 06:03 PM

I recently was infected with SMART HDD, and was battling a Happili redirect for some time prior to the infection. I followed the removal steps for SMART HDD I found on your website, which removed the scareware, but still the SMART HDD reset a number of preferences which led to running a system restore. All preferences are now corrected but the Happili has now mutated into some other redirect. The redirect will do multiple things, as in send us to "askthepros", "get-answers-fast", random websites, but most often it will just reload the page multiple times after clicking on a link. The reload happens most often on Google, and the redirects happen fairly evenly among IE, Firefox, and Chrome.


#2 narenxp


Posted 02 April 2012 - 06:23 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 adon1s


Posted 02 April 2012 - 08:33 PM

I have a 64 bit OS, so no GMER.

20:52:28.0431 4556 NetMsmqActivator - ok
20:52:28.0450 4556 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:28.0452 4556 NetPipeActivator - ok
20:52:28.0481 4556 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:52:28.0489 4556 netprofm - ok
20:52:28.0508 4556 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:28.0510 4556 NetTcpActivator - ok
20:52:28.0516 4556 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:28.0518 4556 NetTcpPortSharing - ok
20:52:28.0545 4556 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:52:28.0547 4556 nfrd960 - ok
20:52:28.0576 4556 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:52:28.0582 4556 NlaSvc - ok
20:52:28.0669 4556 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:52:28.0694 4556 NOBU - ok
20:52:28.0709 4556 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:52:28.0710 4556 Npfs - ok
20:52:28.0737 4556 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:52:28.0739 4556 nsi - ok
20:52:28.0751 4556 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:52:28.0751 4556 nsiproxy - ok
20:52:28.0807 4556 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:52:28.0826 4556 Ntfs - ok
20:52:28.0839 4556 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:52:28.0840 4556 Null - ok
20:52:29.0037 4556 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:52:29.0142 4556 nvlddmkm - ok
20:52:29.0191 4556 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:52:29.0194 4556 nvraid - ok
20:52:29.0211 4556 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:52:29.0214 4556 nvstor - ok
20:52:29.0265 4556 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe
20:52:29.0280 4556 NVSvc - ok
20:52:29.0323 4556 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:52:29.0325 4556 nv_agp - ok
20:52:29.0354 4556 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:52:29.0356 4556 ohci1394 - ok
20:52:29.0425 4556 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:29.0428 4556 ose - ok
20:52:29.0458 4556 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:52:29.0465 4556 p2pimsvc - ok
20:52:29.0502 4556 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:52:29.0509 4556 p2psvc - ok
20:52:29.0536 4556 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:52:29.0538 4556 Parport - ok
20:52:29.0570 4556 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:52:29.0572 4556 partmgr - ok
20:52:29.0596 4556 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:52:29.0600 4556 PcaSvc - ok
20:52:29.0620 4556 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:52:29.0622 4556 pci - ok
20:52:29.0653 4556 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:52:29.0654 4556 pciide - ok
20:52:29.0674 4556 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:52:29.0678 4556 pcmcia - ok
20:52:29.0700 4556 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:52:29.0702 4556 pcw - ok
20:52:29.0727 4556 pdfcDispatcher - ok
20:52:29.0755 4556 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:52:29.0764 4556 PEAUTH - ok
20:52:29.0799 4556 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:52:29.0801 4556 PerfHost - ok
20:52:29.0858 4556 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:52:29.0873 4556 pla - ok
20:52:29.0918 4556 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:52:29.0923 4556 PlugPlay - ok
20:52:29.0951 4556 PnkBstrA - ok
20:52:29.0983 4556 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:52:29.0987 4556 PNRPAutoReg - ok
20:52:30.0001 4556 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:52:30.0005 4556 PNRPsvc - ok
20:52:30.0033 4556 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:52:30.0040 4556 PolicyAgent - ok
20:52:30.0065 4556 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:52:30.0069 4556 Power - ok
20:52:30.0099 4556 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:52:30.0101 4556 PptpMiniport - ok
20:52:30.0121 4556 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:52:30.0122 4556 Processor - ok
20:52:30.0158 4556 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:52:30.0163 4556 ProfSvc - ok
20:52:30.0210 4556 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:30.0212 4556 ProtectedStorage - ok
20:52:30.0256 4556 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:52:30.0259 4556 Psched - ok
20:52:30.0312 4556 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:52:30.0333 4556 ql2300 - ok
20:52:30.0360 4556 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:52:30.0363 4556 ql40xx - ok
20:52:30.0403 4556 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:52:30.0408 4556 QWAVE - ok
20:52:30.0428 4556 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:52:30.0430 4556 QWAVEdrv - ok
20:52:30.0448 4556 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:52:30.0449 4556 RasAcd - ok
20:52:30.0475 4556 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:52:30.0476 4556 RasAgileVpn - ok
20:52:30.0490 4556 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:52:30.0493 4556 RasAuto - ok
20:52:30.0519 4556 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:30.0522 4556 Rasl2tp - ok
20:52:30.0567 4556 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:52:30.0574 4556 RasMan - ok
20:52:30.0603 4556 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:30.0606 4556 RasPppoe - ok
20:52:30.0619 4556 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:52:30.0621 4556 RasSstp - ok
20:52:30.0643 4556 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:52:30.0647 4556 rdbss - ok
20:52:30.0669 4556 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:52:30.0670 4556 rdpbus - ok
20:52:30.0689 4556 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:30.0689 4556 RDPCDD - ok
20:52:30.0708 4556 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:52:30.0708 4556 RDPENCDD - ok
20:52:30.0720 4556 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:52:30.0720 4556 RDPREFMP - ok
20:52:30.0746 4556 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:52:30.0749 4556 RDPWD - ok
20:52:30.0783 4556 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:52:30.0786 4556 rdyboost - ok
20:52:30.0815 4556 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:52:30.0818 4556 RemoteAccess - ok
20:52:30.0839 4556 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:52:30.0843 4556 RemoteRegistry - ok
20:52:30.0857 4556 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:52:30.0860 4556 RpcEptMapper - ok
20:52:30.0874 4556 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:52:30.0876 4556 RpcLocator - ok
20:52:30.0913 4556 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:52:30.0917 4556 RpcSs - ok
20:52:30.0937 4556 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:52:30.0939 4556 rspndr - ok
20:52:30.0978 4556 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:52:30.0982 4556 RTL8167 - ok
20:52:31.0015 4556 SaiK0CCB (7449b5949bb85742cdf247be7f9b653a) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
20:52:31.0018 4556 SaiK0CCB - ok
20:52:31.0060 4556 SaiMini (4b6dd6826cee2342a86e375cc0183ab0) C:\Windows\system32\DRIVERS\SaiMini.sys
20:52:31.0062 4556 SaiMini - ok
20:52:31.0089 4556 SaiNtBus (b2d3a1e5818a51f4691e44a3cb6aff42) C:\Windows\system32\drivers\SaiBus.sys
20:52:31.0091 4556 SaiNtBus - ok
20:52:31.0130 4556 SaiU0CCB (325f2aab1df5f37d6aee3c1db1d9fee1) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
20:52:31.0136 4556 SaiU0CCB - ok
20:52:31.0170 4556 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:31.0172 4556 SamSs - ok
20:52:31.0273 4556 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:52:31.0274 4556 SASDIFSV - ok
20:52:31.0297 4556 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:52:31.0298 4556 SASKUTIL - ok
20:52:31.0333 4556 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:52:31.0336 4556 sbp2port - ok
20:52:31.0362 4556 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:52:31.0367 4556 SCardSvr - ok
20:52:31.0395 4556 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
20:52:31.0398 4556 SCDEmu - ok
20:52:31.0435 4556 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:52:31.0437 4556 scfilter - ok
20:52:31.0487 4556 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:52:31.0503 4556 Schedule - ok
20:52:31.0540 4556 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:52:31.0541 4556 SCPolicySvc - ok
20:52:31.0558 4556 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:52:31.0563 4556 SDRSVC - ok
20:52:31.0583 4556 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:52:31.0584 4556 secdrv - ok
20:52:31.0617 4556 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:52:31.0620 4556 seclogon - ok
20:52:31.0647 4556 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:52:31.0651 4556 SENS - ok
20:52:31.0673 4556 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:52:31.0676 4556 SensrSvc - ok
20:52:31.0714 4556 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
20:52:31.0717 4556 Sentinel64 - ok
20:52:31.0800 4556 SentinelKeysServer (a9eeb7b09b898a53ec8b7063b923ac32) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
20:52:31.0804 4556 SentinelKeysServer - ok
20:52:31.0843 4556 SentinelProtectionServer (fd8723219c907c7ab753c93334fa4610) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
20:52:31.0847 4556 SentinelProtectionServer - ok
20:52:31.0870 4556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:52:31.0871 4556 Serenum - ok
20:52:31.0893 4556 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:52:31.0895 4556 Serial - ok
20:52:31.0933 4556 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:52:31.0935 4556 sermouse - ok
20:52:31.0971 4556 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:52:31.0974 4556 SessionEnv - ok
20:52:32.0001 4556 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:52:32.0002 4556 sffdisk - ok
20:52:32.0025 4556 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:52:32.0026 4556 sffp_mmc - ok
20:52:32.0043 4556 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:52:32.0045 4556 sffp_sd - ok
20:52:32.0072 4556 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:52:32.0072 4556 sfloppy - ok
20:52:32.0105 4556 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:52:32.0109 4556 SharedAccess - ok
20:52:32.0148 4556 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:52:32.0155 4556 ShellHWDetection - ok
20:52:32.0203 4556 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:52:32.0205 4556 SiSRaid2 - ok
20:52:32.0224 4556 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:52:32.0226 4556 SiSRaid4 - ok
20:52:32.0254 4556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:52:32.0256 4556 Smb - ok
20:52:32.0294 4556 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:52:32.0297 4556 SNMPTRAP - ok
20:52:32.0323 4556 SNTUSB64 (b3d47be53a032eb8cd0a9b77d946dc19) C:\Windows\system32\DRIVERS\SNTUSB64.SYS
20:52:32.0325 4556 SNTUSB64 - ok
20:52:32.0342 4556 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:52:32.0344 4556 spldr - ok
20:52:32.0370 4556 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:52:32.0379 4556 Spooler - ok
20:52:32.0458 4556 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:52:32.0492 4556 sppsvc - ok
20:52:32.0514 4556 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:52:32.0517 4556 sppuinotify - ok
20:52:32.0598 4556 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:52:32.0602 4556 SQLBrowser - ok
20:52:32.0657 4556 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:52:32.0660 4556 SQLWriter - ok
20:52:32.0702 4556 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:52:32.0709 4556 srv - ok
20:52:32.0737 4556 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:52:32.0744 4556 srv2 - ok
20:52:32.0765 4556 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:52:32.0768 4556 srvnet - ok
20:52:32.0802 4556 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:52:32.0807 4556 SSDPSRV - ok
20:52:32.0824 4556 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:52:32.0828 4556 SstpSvc - ok
20:52:32.0889 4556 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:52:32.0895 4556 Stereo Service - ok
20:52:32.0920 4556 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:52:32.0921 4556 stexstor - ok
20:52:32.0980 4556 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:52:32.0990 4556 stisvc - ok
20:52:33.0020 4556 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:52:33.0021 4556 swenum - ok
20:52:33.0049 4556 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:52:33.0059 4556 swprv - ok
20:52:33.0122 4556 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:52:33.0151 4556 SysMain - ok
20:52:33.0185 4556 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:52:33.0189 4556 TabletInputService - ok
20:52:33.0207 4556 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:52:33.0214 4556 TapiSrv - ok
20:52:33.0236 4556 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:52:33.0240 4556 TBS - ok
20:52:33.0305 4556 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:52:33.0331 4556 Tcpip - ok
20:52:33.0381 4556 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:52:33.0397 4556 TCPIP6 - ok
20:52:33.0434 4556 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:52:33.0436 4556 tcpipreg - ok
20:52:33.0462 4556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:52:33.0463 4556 TDPIPE - ok
20:52:33.0489 4556 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:52:33.0490 4556 TDTCP - ok
20:52:33.0540 4556 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:52:33.0543 4556 tdx - ok
20:52:33.0559 4556 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:52:33.0561 4556 TermDD - ok
20:52:33.0591 4556 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:52:33.0600 4556 TermService - ok
20:52:33.0612 4556 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:52:33.0615 4556 Themes - ok
20:52:33.0645 4556 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:52:33.0647 4556 THREADORDER - ok
20:52:33.0664 4556 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:52:33.0668 4556 TrkWks - ok
20:52:33.0692 4556 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:52:33.0695 4556 TrustedInstaller - ok
20:52:33.0733 4556 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:33.0734 4556 tssecsrv - ok
20:52:33.0754 4556 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:52:33.0756 4556 TsUsbFlt - ok
20:52:33.0798 4556 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:52:33.0801 4556 tunnel - ok
20:52:33.0818 4556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:52:33.0820 4556 uagp35 - ok
20:52:33.0844 4556 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:52:33.0849 4556 udfs - ok
20:52:33.0870 4556 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:52:33.0873 4556 UI0Detect - ok
20:52:33.0900 4556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:52:33.0902 4556 uliagpkx - ok
20:52:33.0933 4556 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:52:33.0934 4556 umbus - ok
20:52:33.0950 4556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:52:33.0951 4556 UmPass - ok
20:52:34.0060 4556 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:52:34.0088 4556 UNS - ok
20:52:34.0103 4556 Updater Service for StartNow Toolbar - ok
20:52:34.0138 4556 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:52:34.0144 4556 upnphost - ok
20:52:34.0199 4556 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:34.0201 4556 usbccgp - ok
20:52:34.0240 4556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:52:34.0243 4556 usbcir - ok
20:52:34.0262 4556 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:52:34.0263 4556 usbehci - ok
20:52:34.0282 4556 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:52:34.0287 4556 usbhub - ok
20:52:34.0308 4556 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:52:34.0310 4556 usbohci - ok
20:52:34.0351 4556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:52:34.0352 4556 usbprint - ok
20:52:34.0384 4556 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:52:34.0386 4556 usbscan - ok
20:52:34.0422 4556 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:52:34.0424 4556 USBSTOR - ok
20:52:34.0449 4556 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:52:34.0451 4556 usbuhci - ok
20:52:34.0474 4556 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:52:34.0477 4556 UxSms - ok
20:52:34.0515 4556 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:52:34.0517 4556 VaultSvc - ok
20:52:34.0551 4556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:52:34.0553 4556 vdrvroot - ok
20:52:34.0592 4556 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:52:34.0601 4556 vds - ok
20:52:34.0629 4556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:34.0630 4556 vga - ok
20:52:34.0654 4556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:52:34.0655 4556 VgaSave - ok
20:52:34.0686 4556 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:52:34.0689 4556 vhdmp - ok
20:52:34.0704 4556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:52:34.0706 4556 viaide - ok
20:52:34.0731 4556 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:52:34.0733 4556 volmgr - ok
20:52:34.0771 4556 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:52:34.0776 4556 volmgrx - ok
20:52:34.0797 4556 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:52:34.0802 4556 volsnap - ok
20:52:34.0822 4556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:52:34.0825 4556 vsmraid - ok
20:52:34.0869 4556 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:52:34.0884 4556 VSS - ok
20:52:34.0901 4556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:52:34.0902 4556 vwifibus - ok
20:52:34.0931 4556 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:52:34.0936 4556 W32Time - ok
20:52:34.0950 4556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:52:34.0951 4556 WacomPen - ok
20:52:34.0963 4556 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:34.0964 4556 WANARP - ok
20:52:34.0968 4556 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:34.0968 4556 Wanarpv6 - ok
20:52:35.0019 4556 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:52:35.0031 4556 WatAdminSvc - ok
20:52:35.0076 4556 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:52:35.0096 4556 wbengine - ok
20:52:35.0117 4556 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:52:35.0121 4556 WbioSrvc - ok
20:52:35.0146 4556 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:52:35.0151 4556 wcncsvc - ok
20:52:35.0185 4556 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:52:35.0187 4556 WcsPlugInService - ok
20:52:35.0210 4556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:52:35.0211 4556 Wd - ok
20:52:35.0240 4556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:52:35.0247 4556 Wdf01000 - ok
20:52:35.0261 4556 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:35.0264 4556 WdiServiceHost - ok
20:52:35.0267 4556 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:52:35.0269 4556 WdiSystemHost - ok
20:52:35.0306 4556 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:52:35.0312 4556 WebClient - ok
20:52:35.0332 4556 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:52:35.0339 4556 Wecsvc - ok
20:52:35.0354 4556 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:52:35.0358 4556 wercplsupport - ok
20:52:35.0385 4556 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:52:35.0389 4556 WerSvc - ok
20:52:35.0410 4556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:52:35.0411 4556 WfpLwf - ok
20:52:35.0427 4556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:52:35.0429 4556 WIMMount - ok
20:52:35.0462 4556 WinDefend - ok
20:52:35.0474 4556 WinHttpAutoProxySvc - ok
20:52:35.0517 4556 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:52:35.0521 4556 Winmgmt - ok
20:52:35.0570 4556 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:52:35.0597 4556 WinRM - ok
20:52:35.0639 4556 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:52:35.0641 4556 WinUsb - ok
20:52:35.0673 4556 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:52:35.0687 4556 Wlansvc - ok
20:52:35.0792 4556 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:52:35.0817 4556 wlidsvc - ok
20:52:35.0859 4556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:52:35.0860 4556 WmiAcpi - ok
20:52:35.0887 4556 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:52:35.0890 4556 wmiApSrv - ok
20:52:35.0900 4556 WMPNetworkSvc - ok
20:52:35.0928 4556 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:52:35.0931 4556 WPCSvc - ok
20:52:35.0957 4556 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:52:35.0960 4556 WPDBusEnum - ok
20:52:35.0977 4556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:52:35.0978 4556 ws2ifsl - ok
20:52:35.0996 4556 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:52:35.0998 4556 wscsvc - ok
20:52:36.0006 4556 WSearch - ok
20:52:36.0053 4556 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:52:36.0078 4556 wuauserv - ok
20:52:36.0114 4556 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:52:36.0117 4556 WudfPf - ok
20:52:36.0151 4556 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:36.0155 4556 WUDFRd - ok
20:52:36.0189 4556 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:52:36.0193 4556 wudfsvc - ok
20:52:36.0234 4556 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:52:36.0241 4556 WwanSvc - ok
20:52:36.0258 4556 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
20:52:36.0285 4556 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:52:36.0285 4556 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:52:36.0311 4556 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:52:36.0311 4556 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:52:36.0316 4556 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:52:36.0898 4556 \Device\Harddisk1\DR1 - ok
20:52:36.0927 4556 Boot (0x1200) (5ecfd499b3a0724139301ed05b613676) \Device\Harddisk0\DR0\Partition0
20:52:36.0929 4556 \Device\Harddisk0\DR0\Partition0 - ok
20:52:36.0941 4556 Boot (0x1200) (e176f49b15845ac244d7fb0867f37d0c) \Device\Harddisk0\DR0\Partition1
20:52:36.0942 4556 \Device\Harddisk0\DR0\Partition1 - ok
20:52:36.0970 4556 Boot (0x1200) (e69c573170a16d7d72655af24e5ee479) \Device\Harddisk0\DR0\Partition2
20:52:36.0972 4556 \Device\Harddisk0\DR0\Partition2 - ok
20:52:36.0975 4556 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition0
20:52:36.0975 4556 \Device\Harddisk1\DR1\Partition0 - ok
20:52:37.0018 4556 Boot (0x1200) (9547a2b7c12bdf23dec02b365582d039) \Device\Harddisk1\DR1\Partition1
20:52:37.0020 4556 \Device\Harddisk1\DR1\Partition1 - ok
20:52:37.0021 4556 ============================================================
20:52:37.0021 4556 Scan finished
20:52:37.0021 4556 ============================================================
20:52:37.0036 7940 Detected object count: 2
20:52:37.0036 7940 Actual detected object count: 2
20:52:57.0303 7940 \Device\Harddisk0\DR0\# - copied to quarantine
20:52:57.0304 7940 \Device\Harddisk0\DR0 - copied to quarantine
20:52:57.0318 7940 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:52:57.0320 7940 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:52:57.0322 7940 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:52:57.0327 7940 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:52:57.0331 7940 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:52:57.0331 7940 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:52:57.0332 7940 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:52:57.0333 7940 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:52:57.0333 7940 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:52:57.0334 7940 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:52:57.0335 7940 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:52:57.0356 7940 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:52:57.0360 7940 \Device\Harddisk0\DR0 - ok
20:52:57.0485 7940 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:52:57.0492 7940 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:52:57.0495 7940 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:52:57.0498 7940 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:52:57.0505 7940 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:52:57.0510 7940 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:52:57.0511 7940 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:52:57.0512 7940 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:52:57.0513 7940 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:52:57.0515 7940 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:52:57.0517 7940 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:52:57.0518 7940 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:52:57.0518 7940 \Device\Harddisk0\DR0\TDLFS - deleted
20:52:57.0518 7940 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 21:15:39
-----------------------------
21:15:39.474 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:39.474 Number of processors: 4 586 0x1E05
21:15:39.474 ComputerName: YAROSHERTEL-HP UserName: yaroshertel
21:15:40.160 Initialize success
21:16:20.389 AVAST engine defs: 12040201
21:16:27.768 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:16:27.768 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 8
21:16:27.783 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:16:27.783 Disk 1 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 8
21:16:27.799 Disk 0 MBR read successfully
21:16:27.814 Disk 0 MBR scan
21:16:27.814 Disk 0 Windows 7 default MBR code
21:16:27.830 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:16:27.846 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941002 MB offset 206848
21:16:27.877 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12756 MB offset 1927378944
21:16:27.908 Disk 0 scanning C:\Windows\system32\drivers
21:16:36.114 Service scanning
21:16:52.743 Modules scanning
21:16:52.759 Disk 0 trace - called modules:
21:16:52.774 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:16:52.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800630d060]
21:16:52.790 3 CLASSPNP.SYS[fffff88001b8543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005fc2050]
21:16:53.570 AVAST engine scan C:\Windows
21:16:55.801 AVAST engine scan C:\Windows\system32
21:18:04.210 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:18:05.692 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
21:18:41.244 AVAST engine scan C:\Windows\system32\drivers
21:18:49.621 AVAST engine scan C:\Users\yaroshertel
21:30:33.696 AVAST engine scan C:\ProgramData
21:32:09.699 Scan finished successfully
21:32:57.232 Disk 0 MBR has been saved successfully to "C:\Users\yaroshertel\Desktop\MBR.dat"
21:32:57.247 The log file has been saved successfully to "C:\Users\yaroshertel\Desktop\aswMBR.txt"

#4 narenxp

Posted 02 April 2012 - 08:44 PM

We need advanced tools to remove this infection.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



