
svchost trojan removal


6 replies to this topic

#1 Theebs


Posted 15 April 2012 - 12:50 AM

Hi, I seem to have picked up this trojan that Malwarebytes cannot get rid of; it just shows back up after every scan-delete-reboot.

So I need some help; this is my work computer and I need to solve this fast. Not sure how I got it either, which is a bigger problem.

Anyway, here is my last MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: MEDIACOMPOSER [administrator]

4/15/2012 12:21:19 AM
mbam-log-2012-04-15 (00-21-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211837
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1516 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


And here is the first one, which had 10 hits; I rebooted and then only had the 2 above:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: MEDIACOMPOSER [administrator]

4/15/2012 12:08:48 AM
mbam-log-2012-04-15 (00-08-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211788
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 2
C:\ProgramData\QkqnRvQCEE.exe (Trojan.Agent) -> 2620 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 3412 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QkqnRvQCEE.exe (Trojan.Agent) -> Data: C:\ProgramData\QkqnRvQCEE.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\QkqnRvQCEE.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Temp\gcpxemihceavbwaoweqqr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\lniawatsmxvvwlywgcbdgqfav.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\urqatzfoptoe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)



#2 Theebs


Posted 15 April 2012 - 12:58 AM

Just ran Malwarebytes again, and the two keep showing up:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: MEDIACOMPOSER [administrator]

4/15/2012 12:55:49 AM
mbam-log-2012-04-15 (00-55-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213018
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3264 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
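The three logs above already contain the reasons a responder would give for why C:\Windows\svchost.exe is the thing to chase: the genuine svchost.exe lives in System32 (and SysWOW64), the first scan shows Run-key autostarts and a Task Manager policy hijack, and the same file is still "Delete on reboot" in every scan. As an added example that is not part of this thread, here is a small Python triage script that parses MBAM detection lines of the format quoted above and attaches those reasons to each hit; the EXPECTED_DIR table is my own (its lsass.exe entry goes beyond what the thread mentions), and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Where Windows 7 keeps the genuine copies of these often-imitated binary names.
EXPECTED_DIR = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}
# Folders the hits in this thread were dropped into (all taken from the logs above).
DROP_DIRS = {r"c:\programdata", r"c:\windows\temp",
             r"c:\windows\system32\config\systemprofile\appdata\local"}
# MBAM detection line: "<target> (<detection>) -> [<pid> ->] [Data: <x> ->] <action>."
LINE_RE = re.compile(r"^(?P<target>\S.*?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    target: str                 # file path, or "hive\key|value" for registry hits
    detection: str              # MBAM detection name, e.g. Trojan.Agent
    action: str                 # what MBAM did or scheduled ("Delete on reboot")
    pid: Optional[int] = None   # set for "Memory Processes" hits
    data: Optional[str] = None  # registry value data, if any
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for an MBAM detection line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("rest").split(" -> ")]
    f = Finding(m.group("target"), m.group("name"), parts[-1].rstrip("."))
    for p in parts[:-1]:
        if p.isdigit():
            f.pid = int(p)
        elif p.startswith("Data: "):
            f.data = p[len("Data: "):]
    return f


def path_reasons(path: str) -> List[str]:
    """Location-based reasons a file path is suspicious."""
    directory, _, name = path.lower().rpartition("\\")
    out: List[str] = []
    if name in EXPECTED_DIR and directory not in EXPECTED_DIR[name]:
        out.append(f"{name} masquerade: genuine copy lives in "
                   f"{' or '.join(sorted(EXPECTED_DIR[name]))}, not {directory}")
    if directory in DROP_DIRS:
        out.append(f"executable dropped in {directory}")
    return out


def triage(f: Finding) -> Finding:
    """Attach human-readable reasons to one parsed finding."""
    if "|" in f.target:                       # registry value
        key, value = f.target.lower().split("|", 1)
        if key.endswith("\\currentversion\\run"):
            f.reasons.append(f"autostart via Run key, launches {f.data}")
            f.reasons.extend(path_reasons(f.data or ""))
        if value == "disabletaskmgr":
            f.reasons.append("policy disables Task Manager, hiding the process from the user")
    else:                                     # file or memory-process hit
        f.reasons.extend(path_reasons(f.target))
        if f.pid is not None:
            f.reasons.append(f"was running as PID {f.pid} at scan time")
    return f


def triage_log(text: str) -> List[Finding]:
    """Parse and triage every detection line of one MBAM log."""
    return [triage(f) for f in map(parse_line, text.splitlines()) if f is not None]


def recurring(scans: List[str]) -> List[str]:
    """Targets reported in more than one scan: the removal did not stick."""
    seen: dict = {}
    for i, text in enumerate(scans):
        for f in triage_log(text):
            seen.setdefault(f.target.lower(), set()).add(i)
    return sorted(t for t, runs in seen.items() if len(runs) > 1)


# Constructed sample: detection lines copied from the three MBAM logs in this thread.
SCAN_1 = r"""
C:\ProgramData\QkqnRvQCEE.exe (Trojan.Agent) -> 2620 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 3412 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QkqnRvQCEE.exe (Trojan.Agent) -> Data: C:\ProgramData\QkqnRvQCEE.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
C:\Windows\Temp\gcpxemihceavbwaoweqqr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""
SCAN_2 = "C:\\Windows\\svchost.exe (Trojan.Agent) -> 1516 -> Delete on reboot.\n"
SCAN_3 = "C:\\Windows\\svchost.exe (Trojan.Agent) -> 3264 -> Delete on reboot.\n"

if __name__ == "__main__":
    for hit in triage_log(SCAN_1):
        print(hit.target, "|", hit.action, "|", "; ".join(hit.reasons))
    print("still present in every scan:", recurring([SCAN_1, SCAN_2, SCAN_3]))
```

A target that `recurring` reports after a "Delete on reboot" cycle was either not removed or is being recreated, so the cleanup has to cover whatever writes it back rather than the file alone.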

#3 narenxp

  • BC Advisor

Posted 15 April 2012 - 10:45 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).



Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Edited by narenxp, 15 April 2012 - 10:45 AM.


#4 Theebs


Posted 15 April 2012 - 11:09 AM

TDSSKiller log:

11:07:02.0931 3516 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:07:03.0368 3516 ============================================================
11:07:03.0368 3516 Current date / time: 2012/04/15 11:07:03.0368
11:07:03.0368 3516 SystemInfo:
11:07:03.0368 3516
11:07:03.0368 3516 OS Version: 6.1.7600 ServicePack: 0.0
11:07:03.0368 3516 Product type: Workstation
11:07:03.0368 3516 ComputerName: MEDIACOMPOSER
11:07:03.0368 3516 UserName: Administrator
11:07:03.0368 3516 Windows directory: C:\Windows
11:07:03.0368 3516 System windows directory: C:\Windows
11:07:03.0368 3516 Running under WOW64
11:07:03.0368 3516 Processor architecture: Intel x64
11:07:03.0368 3516 Number of processors: 8
11:07:03.0368 3516 Page size: 0x1000
11:07:03.0368 3516 Boot type: Normal boot
11:07:03.0368 3516 ============================================================
11:07:05.0630 3516 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:05.0645 3516 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:05.0661 3516 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:05.0661 3516 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:05.0661 3516 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:05.0677 3516 \Device\Harddisk0\DR0:
11:07:05.0677 3516 MBR used
11:07:05.0677 3516 \Device\Harddisk1\DR1:
11:07:05.0677 3516 MBR used
11:07:05.0677 3516 \Device\Harddisk2\DR2:
11:07:05.0677 3516 MBR used
11:07:05.0677 3516 \Device\Harddisk3\DR3:
11:07:05.0677 3516 MBR used
11:07:05.0677 3516 \Device\Harddisk4\DR4:
11:07:05.0677 3516 MBR used
11:07:05.0677 3516 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:07:05.0677 3516 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:07:05.0708 3516 Initialize success
11:07:05.0708 3516 ============================================================
11:07:18.0718 4704 ============================================================
11:07:18.0718 4704 Scan started
11:07:18.0718 4704 Mode: Manual; TDLFS;
11:07:18.0718 4704 ============================================================
11:07:25.0442 4704 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:07:25.0457 4704 NDProxy - ok
11:07:25.0457 4704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:07:25.0457 4704 NetBIOS - ok
11:07:25.0473 4704 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:07:25.0473 4704 NetBT - ok
11:07:25.0504 4704 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
11:07:25.0504 4704 Netlogon - ok
11:07:25.0535 4704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:07:25.0535 4704 Netman - ok
11:07:25.0551 4704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:07:25.0551 4704 netprofm - ok
11:07:25.0582 4704 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:07:25.0582 4704 NetTcpPortSharing - ok
11:07:25.0613 4704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:07:25.0613 4704 nfrd960 - ok
11:07:25.0629 4704 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:07:25.0629 4704 NlaSvc - ok
11:07:25.0645 4704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:07:25.0645 4704 Npfs - ok
11:07:25.0660 4704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:07:25.0660 4704 nsi - ok
11:07:25.0676 4704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:07:25.0676 4704 nsiproxy - ok
11:07:25.0707 4704 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
11:07:25.0738 4704 Ntfs - ok
11:07:25.0754 4704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:07:25.0754 4704 Null - ok
11:07:25.0957 4704 NVIDIA Performance Driver Service (ec46af29adeddcc1f1a5df22fb2276fd) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
11:07:26.0050 4704 NVIDIA Performance Driver Service - ok
11:07:26.0237 4704 nvlddmkm (29c37a82d52c06e20afe6de0ee140f5b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:07:26.0284 4704 nvlddmkm - ok
11:07:26.0331 4704 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
11:07:26.0331 4704 nvraid - ok
11:07:26.0362 4704 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
11:07:26.0362 4704 nvstor - ok
11:07:26.0378 4704 nvsvc (44fa4a94ffea3f0dc97c8db97ee823a3) C:\Windows\system32\nvvsvc.exe
11:07:26.0378 4704 nvsvc - ok
11:07:26.0393 4704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:07:26.0393 4704 nv_agp - ok
11:07:26.0409 4704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:07:26.0409 4704 ohci1394 - ok
11:07:26.0440 4704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:07:26.0440 4704 p2pimsvc - ok
11:07:26.0471 4704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:07:26.0471 4704 p2psvc - ok
11:07:26.0487 4704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:07:26.0487 4704 Parport - ok
11:07:26.0518 4704 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:07:26.0518 4704 partmgr - ok
11:07:26.0549 4704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:07:26.0549 4704 PcaSvc - ok
11:07:26.0581 4704 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:07:26.0581 4704 pci - ok
11:07:26.0596 4704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:07:26.0596 4704 pciide - ok
11:07:26.0627 4704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:07:26.0643 4704 pcmcia - ok
11:07:26.0674 4704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:07:26.0674 4704 pcw - ok
11:07:26.0690 4704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:07:26.0690 4704 PEAUTH - ok
11:07:26.0737 4704 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:07:26.0768 4704 PeerDistSvc - ok
11:07:26.0799 4704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:07:26.0799 4704 PerfHost - ok
11:07:26.0830 4704 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:07:26.0861 4704 pla - ok
11:07:26.0877 4704 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
11:07:26.0893 4704 PlugPlay - ok
11:07:26.0893 4704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:07:26.0893 4704 PNRPAutoReg - ok
11:07:26.0924 4704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:07:26.0924 4704 PNRPsvc - ok
11:07:26.0955 4704 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:07:26.0955 4704 PolicyAgent - ok
11:07:26.0971 4704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:07:26.0971 4704 Power - ok
11:07:27.0002 4704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:07:27.0002 4704 PptpMiniport - ok
11:07:27.0017 4704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:07:27.0033 4704 Processor - ok
11:07:27.0049 4704 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:07:27.0049 4704 ProfSvc - ok
11:07:27.0064 4704 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
11:07:27.0064 4704 ProtectedStorage - ok
11:07:27.0080 4704 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:07:27.0095 4704 Psched - ok
11:07:27.0127 4704 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:07:27.0127 4704 PxHlpa64 - ok
11:07:27.0158 4704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:07:27.0189 4704 ql2300 - ok
11:07:27.0205 4704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:07:27.0205 4704 ql40xx - ok
11:07:27.0220 4704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:07:27.0220 4704 QWAVE - ok
11:07:27.0236 4704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:07:27.0236 4704 QWAVEdrv - ok
11:07:27.0251 4704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:07:27.0251 4704 RasAcd - ok
11:07:27.0283 4704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:07:27.0283 4704 RasAgileVpn - ok
11:07:27.0283 4704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:07:27.0298 4704 RasAuto - ok
11:07:27.0314 4704 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:07:27.0314 4704 Rasl2tp - ok
11:07:27.0329 4704 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:07:27.0329 4704 RasMan - ok
11:07:27.0345 4704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:07:27.0345 4704 RasPppoe - ok
11:07:27.0361 4704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:07:27.0376 4704 RasSstp - ok
11:07:27.0392 4704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:07:27.0392 4704 rdbss - ok
11:07:27.0407 4704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:07:27.0407 4704 rdpbus - ok
11:07:27.0439 4704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:07:27.0439 4704 RDPCDD - ok
11:07:27.0470 4704 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:07:27.0470 4704 RDPDR - ok
11:07:27.0501 4704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:07:27.0501 4704 RDPENCDD - ok
11:07:27.0517 4704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:07:27.0517 4704 RDPREFMP - ok
11:07:27.0532 4704 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:07:27.0532 4704 RDPWD - ok
11:07:27.0563 4704 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:07:27.0563 4704 rdyboost - ok
11:07:27.0579 4704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:07:27.0579 4704 RemoteAccess - ok
11:07:27.0595 4704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:07:27.0595 4704 RemoteRegistry - ok
11:07:27.0610 4704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:07:27.0610 4704 RpcEptMapper - ok
11:07:27.0641 4704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:07:27.0641 4704 RpcLocator - ok
11:07:27.0657 4704 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:07:27.0657 4704 RpcSs - ok
11:07:27.0673 4704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:07:27.0673 4704 rspndr - ok
11:07:27.0688 4704 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:07:27.0688 4704 s3cap - ok
11:07:27.0704 4704 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
11:07:27.0719 4704 SamSs - ok
11:07:27.0719 4704 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:07:27.0735 4704 sbp2port - ok
11:07:27.0735 4704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:07:27.0751 4704 SCardSvr - ok
11:07:27.0766 4704 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:07:27.0766 4704 scfilter - ok
11:07:27.0797 4704 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
11:07:27.0813 4704 Schedule - ok
11:07:27.0829 4704 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:07:27.0829 4704 SCPolicySvc - ok
11:07:27.0844 4704 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:07:27.0844 4704 SDRSVC - ok
11:07:27.0875 4704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:07:27.0875 4704 secdrv - ok
11:07:27.0891 4704 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:07:27.0891 4704 seclogon - ok
11:07:27.0907 4704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:07:27.0907 4704 SENS - ok
11:07:27.0922 4704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:07:27.0922 4704 SensrSvc - ok
11:07:27.0985 4704 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
11:07:27.0985 4704 Sentinel64 - ok
11:07:28.0000 4704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:07:28.0000 4704 Serenum - ok
11:07:28.0016 4704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:07:28.0016 4704 Serial - ok
11:07:28.0031 4704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:07:28.0031 4704 sermouse - ok
11:07:28.0047 4704 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:07:28.0063 4704 SessionEnv - ok
11:07:28.0063 4704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:07:28.0063 4704 sffdisk - ok
11:07:28.0078 4704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:07:28.0094 4704 sffp_mmc - ok
11:07:28.0094 4704 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:07:28.0094 4704 sffp_sd - ok
11:07:28.0109 4704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:07:28.0109 4704 sfloppy - ok
11:07:28.0141 4704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:07:28.0141 4704 SharedAccess - ok
11:07:28.0203 4704 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:07:28.0219 4704 ShellHWDetection - ok
11:07:28.0250 4704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:07:28.0250 4704 SiSRaid2 - ok
11:07:28.0265 4704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:07:28.0281 4704 SiSRaid4 - ok
11:07:28.0297 4704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:07:28.0312 4704 Smb - ok
11:07:28.0328 4704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:07:28.0328 4704 SNMPTRAP - ok
11:07:28.0390 4704 SNTUSB64 (9d82300431abc9e993c36601034415c6) C:\Windows\system32\DRIVERS\SNTUSB64.SYS
11:07:28.0390 4704 SNTUSB64 - ok
11:07:28.0406 4704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:07:28.0406 4704 spldr - ok
11:07:28.0437 4704 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:07:28.0453 4704 Spooler - ok
11:07:28.0515 4704 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:07:28.0577 4704 sppsvc - ok
11:07:28.0593 4704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:07:28.0609 4704 sppuinotify - ok
11:07:28.0640 4704 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
11:07:28.0640 4704 srv - ok
11:07:28.0671 4704 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
11:07:28.0671 4704 srv2 - ok
11:07:28.0687 4704 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
11:07:28.0702 4704 srvnet - ok
11:07:28.0718 4704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:07:28.0718 4704 SSDPSRV - ok
11:07:28.0733 4704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:07:28.0733 4704 SstpSvc - ok
11:07:28.0765 4704 Stereo Service (2af469d023943863054b4916f2c2cf15) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:07:28.0765 4704 Stereo Service - ok
11:07:28.0796 4704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:07:28.0796 4704 stexstor - ok
11:07:28.0827 4704 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:07:28.0827 4704 stisvc - ok
11:07:28.0843 4704 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:07:28.0843 4704 storflt - ok
11:07:28.0874 4704 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:07:28.0874 4704 StorSvc - ok
11:07:28.0889 4704 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:07:28.0889 4704 storvsc - ok
11:07:28.0905 4704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:07:28.0905 4704 swenum - ok
11:07:28.0936 4704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:07:28.0936 4704 swprv - ok
11:07:28.0967 4704 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:07:28.0999 4704 SysMain - ok
11:07:28.0999 4704 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:07:29.0014 4704 TabletInputService - ok
11:07:29.0030 4704 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:07:29.0030 4704 TapiSrv - ok
11:07:29.0045 4704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:07:29.0045 4704 TBS - ok
11:07:29.0077 4704 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
11:07:29.0108 4704 Tcpip - ok
11:07:29.0155 4704 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
11:07:29.0155 4704 TCPIP6 - ok
11:07:29.0170 4704 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:07:29.0170 4704 tcpipreg - ok
11:07:29.0217 4704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:07:29.0217 4704 TDPIPE - ok
11:07:29.0217 4704 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:07:29.0217 4704 TDTCP - ok
11:07:29.0233 4704 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:07:29.0233 4704 tdx - ok
11:07:29.0248 4704 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:07:29.0248 4704 TermDD - ok
11:07:29.0279 4704 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:07:29.0279 4704 TermService - ok
11:07:29.0295 4704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:07:29.0295 4704 Themes - ok
11:07:29.0326 4704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:07:29.0326 4704 THREADORDER - ok
11:07:29.0373 4704 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
11:07:29.0373 4704 Tpkd - ok
11:07:29.0389 4704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:07:29.0389 4704 TrkWks - ok
11:07:29.0467 4704 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:07:29.0482 4704 TrustedInstaller - ok
11:07:29.0513 4704 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:07:29.0513 4704 tssecsrv - ok
11:07:29.0545 4704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:07:29.0545 4704 tunnel - ok
11:07:29.0560 4704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:07:29.0560 4704 uagp35 - ok
11:07:29.0591 4704 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:07:29.0591 4704 udfs - ok
11:07:29.0607 4704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:07:29.0607 4704 UI0Detect - ok
11:07:29.0623 4704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:07:29.0623 4704 uliagpkx - ok
11:07:29.0623 4704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:07:29.0638 4704 umbus - ok
11:07:29.0638 4704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:07:29.0638 4704 UmPass - ok
11:07:29.0669 4704 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
11:07:29.0669 4704 UmRdpService - ok
11:07:29.0685 4704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:07:29.0685 4704 upnphost - ok
11:07:29.0732 4704 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
11:07:29.0732 4704 usbaudio - ok
11:07:29.0747 4704 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
11:07:29.0747 4704 usbccgp - ok
11:07:29.0779 4704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:07:29.0779 4704 usbcir - ok
11:07:29.0794 4704 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
11:07:29.0794 4704 usbehci - ok
11:07:29.0810 4704 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
11:07:29.0810 4704 usbhub - ok
11:07:29.0825 4704 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:07:29.0825 4704 usbohci - ok
11:07:29.0841 4704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:07:29.0841 4704 usbprint - ok
11:07:29.0857 4704 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:07:29.0857 4704 USBSTOR - ok
11:07:29.0935 4704 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:07:29.0935 4704 usbuhci - ok
11:07:29.0950 4704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:07:29.0950 4704 UxSms - ok
11:07:29.0966 4704 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
11:07:29.0966 4704 VaultSvc - ok
11:07:29.0997 4704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:07:29.0997 4704 vdrvroot - ok
11:07:30.0013 4704 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:07:30.0013 4704 vds - ok
11:07:30.0028 4704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:07:30.0028 4704 vga - ok
11:07:30.0044 4704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:07:30.0044 4704 VgaSave - ok
11:07:30.0059 4704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:07:30.0075 4704 vhdmp - ok
11:07:30.0091 4704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:07:30.0091 4704 viaide - ok
11:07:30.0122 4704 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:07:30.0122 4704 vmbus - ok
11:07:30.0137 4704 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:07:30.0137 4704 VMBusHID - ok
11:07:30.0153 4704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:07:30.0153 4704 volmgr - ok
11:07:30.0200 4704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:07:30.0200 4704 volmgrx - ok
11:07:30.0215 4704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:07:30.0215 4704 volsnap - ok
11:07:30.0231 4704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:07:30.0231 4704 vsmraid - ok
11:07:30.0262 4704 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:07:30.0278 4704 VSS - ok
11:07:30.0309 4704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:07:30.0309 4704 vwifibus - ok
11:07:30.0325 4704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:07:30.0325 4704 W32Time - ok
11:07:30.0356 4704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:07:30.0356 4704 WacomPen - ok
11:07:30.0371 4704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:07:30.0387 4704 WANARP - ok
11:07:30.0387 4704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:07:30.0387 4704 Wanarpv6 - ok
11:07:30.0434 4704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:07:30.0465 4704 WatAdminSvc - ok
11:07:30.0496 4704 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:07:30.0512 4704 wbengine - ok
11:07:30.0543 4704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:07:30.0543 4704 WbioSrvc - ok
11:07:30.0559 4704 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
11:07:30.0574 4704 wcncsvc - ok
11:07:30.0574 4704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:07:30.0590 4704 WcsPlugInService - ok
11:07:30.0605 4704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:07:30.0621 4704 Wd - ok
11:07:30.0652 4704 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
11:07:30.0652 4704 WDC_SAM - ok
11:07:30.0668 4704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:07:30.0683 4704 Wdf01000 - ok
11:07:30.0683 4704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:07:30.0683 4704 WdiServiceHost - ok
11:07:30.0699 4704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:07:30.0699 4704 WdiSystemHost - ok
11:07:30.0715 4704 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
11:07:30.0715 4704 WebClient - ok
11:07:30.0730 4704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:07:30.0730 4704 Wecsvc - ok
11:07:30.0746 4704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:07:30.0761 4704 wercplsupport - ok
11:07:30.0824 4704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:07:30.0824 4704 WerSvc - ok
11:07:30.0855 4704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:07:30.0855 4704 WfpLwf - ok
11:07:30.0871 4704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:07:30.0871 4704 WIMMount - ok
11:07:30.0871 4704 WinHttpAutoProxySvc - ok
11:07:30.0917 4704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:07:30.0917 4704 Winmgmt - ok
11:07:30.0964 4704 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:07:30.0995 4704 WinRM - ok
11:07:31.0042 4704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:07:31.0058 4704 Wlansvc - ok
11:07:31.0089 4704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:07:31.0089 4704 WmiAcpi - ok
11:07:31.0120 4704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:07:31.0120 4704 wmiApSrv - ok
11:07:31.0151 4704 WMPNetworkSvc - ok
11:07:31.0167 4704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:07:31.0167 4704 WPCSvc - ok
11:07:31.0183 4704 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:07:31.0183 4704 WPDBusEnum - ok
11:07:31.0198 4704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:07:31.0198 4704 ws2ifsl - ok
11:07:31.0198 4704 WSearch - ok
11:07:31.0276 4704 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
11:07:31.0323 4704 wuauserv - ok
11:07:31.0339 4704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:07:31.0339 4704 WudfPf - ok
11:07:31.0370 4704 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:07:31.0370 4704 WUDFRd - ok
11:07:31.0385 4704 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:07:31.0385 4704 wudfsvc - ok
11:07:31.0401 4704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:07:31.0417 4704 WwanSvc - ok
11:07:31.0448 4704 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
11:07:31.0448 4704 yukonw7 - ok
11:07:31.0463 4704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:07:32.0228 4704 \Device\Harddisk0\DR0 - ok
11:07:32.0228 4704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:07:32.0290 4704 \Device\Harddisk1\DR1 - ok
11:07:32.0290 4704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
11:07:32.0337 4704 \Device\Harddisk2\DR2 - ok
11:07:32.0353 4704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
11:07:32.0399 4704 \Device\Harddisk3\DR3 - ok
11:07:32.0399 4704 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk4\DR4
11:07:32.0431 4704 \Device\Harddisk4\DR4 ( Rootkit.Boot.Pihar.b ) - infected
11:07:32.0431 4704 \Device\Harddisk4\DR4 - detected Rootkit.Boot.Pihar.b (0)
11:07:32.0462 4704 \Device\Harddisk4\DR4 ( TDSS File System ) - warning
11:07:32.0462 4704 \Device\Harddisk4\DR4 - detected TDSS File System (1)
11:07:32.0477 4704 Boot (0x1200) (9599ee7daca6bdec622998d3993e256b) \Device\Harddisk4\DR4\Partition0
11:07:32.0477 4704 \Device\Harddisk4\DR4\Partition0 - ok
11:07:32.0477 4704 Boot (0x1200) (137ab51c7a64a2e9a15cf0624e453836) \Device\Harddisk4\DR4\Partition1
11:07:32.0477 4704 \Device\Harddisk4\DR4\Partition1 - ok
11:07:32.0477 4704 ============================================================
11:07:32.0477 4704 Scan finished
11:07:32.0477 4704 ============================================================
11:07:32.0493 5032 Detected object count: 2
11:07:32.0493 5032 Actual detected object count: 2
11:07:57.0188 5032 \Device\Harddisk4\DR4\# - copied to quarantine
11:07:57.0188 5032 \Device\Harddisk4\DR4 - copied to quarantine
11:07:57.0219 5032 \Device\Harddisk4\DR4\TDLFS\ph.dll - copied to quarantine
11:07:57.0219 5032 \Device\Harddisk4\DR4\TDLFS\phx.dll - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phd - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phdx - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phs - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phdata - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phld - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phln - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phlx - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\s - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\phm - copied to quarantine
11:07:57.0235 5032 \Device\Harddisk4\DR4\TDLFS\u - copied to quarantine
11:07:57.0281 5032 \Device\Harddisk4\DR4 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:07:57.0281 5032 \Device\Harddisk4\DR4 - ok
11:08:02.0866 5032 \Device\Harddisk4\DR4 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:08:02.0866 5032 \Device\Harddisk4\DR4 ( TDSS File System ) - skipped by user
11:08:02.0866 5032 \Device\Harddisk4\DR4 ( TDSS File System ) - User select action: Skip
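The MBR lines at the end of the TDSSKiller log above are the core of the finding: four data disks share one boot-code hash, the boot disk carries a different one, and that is the sector flagged as Rootkit.Boot.Pihar.b. The following Python is an added example, not code from TDSSKiller, aswMBR or the poster; it decodes raw 512-byte MBR sectors into the same summary those tools print (boot-code hash, active flag, partition type, size and offset) and flags the disk whose boot code disagrees with the rest. It assumes that the "(0x1B8)" in the TDSSKiller lines is the length of the hashed region, i.e. the 440 bytes of boot code before the 4-byte disk signature at offset 0x1B8; the sample sectors are constructed here with the partition layout aswMBR reports, not read from the poster's disks.

```python
"""Decode raw MBR sectors into the summary anti-rootkit scanners print.

Added example for this thread; it is not code from TDSSKiller, aswMBR or the
poster. Assumption: the "(0x1B8)" in the TDSSKiller MBR lines is the length of
the hashed region, i.e. the 440 bytes of boot code that precede the 4-byte disk
signature at offset 0x1B8. The sample sectors are constructed here, not read
from the poster's disks.
"""
import hashlib
import struct
from collections import Counter

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # boot code: bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code MD5, disk signature and non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:512] != MBR_SIGNATURE:
        raise ValueError("not a 512-byte sector with a 55AA signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,   # the "80 (A)" column in aswMBR's output
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def find_boot_code_outliers(sectors_by_disk: dict) -> dict:
    """Hash every disk's boot code and return the disks that disagree with the majority.

    Disks imaged from the same installer share boot code; on a multi-disk box the
    one disk whose hash stands alone is the first thing to look at, which is the
    pattern in the log above (four identical hashes, a fifth on the boot disk).
    A partition table that still decodes cleanly is no evidence of a clean MBR:
    bootkits keep it intact so the system still boots.
    """
    hashes = {d: parse_mbr(s)["boot_code_md5"] for d, s in sectors_by_disk.items()}
    majority = Counter(hashes.values()).most_common(1)[0][0]
    return {d: h for d, h in hashes.items() if h != majority}


def build_sample_mbr(boot_filler: int) -> bytes:
    """Construct a sector with the poster's layout: a 100 MB active NTFS system
    partition at LBA 2048 and a 953767 MB NTFS partition at LBA 206848."""
    boot_code = bytes([boot_filler]) * BOOT_CODE_LEN
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # constructed signature
    table = (struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
             + struct.pack(ENTRY_FMT, 0x00, 0x07, 206848, 1953314816)
             + bytes(32))                 # two empty entries
    return boot_code + disk_sig + table + MBR_SIGNATURE


# Constructed sample: four data disks with identical boot code, and a boot disk
# whose boot code has been replaced but whose partition table is untouched.
SAMPLE_DISKS = {f"Harddisk{i}": build_sample_mbr(0x90) for i in range(4)}
SAMPLE_DISKS["Harddisk4"] = build_sample_mbr(0xEB)


if __name__ == "__main__":
    for disk, sector in SAMPLE_DISKS.items():
        info = parse_mbr(sector)
        print(f"MBR (0x{BOOT_CODE_LEN:X}) ({info['boot_code_md5']}) \\Device\\{disk}")
        for p in info["partitions"]:
            flag = "80 (A)" if p["bootable"] else "00"
            print(f"  Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                  f"{p['size_mb']} MB offset {p['lba_start']}")
    print("boot-code outliers:", find_boot_code_outliers(SAMPLE_DISKS))
```

One caveat for anyone running this sort of check on a live machine: a bootkit that has hooked the disk stack can hand a clean copy of sector 0 back to ordinary reads, so a hash match proves nothing unless the sector was read from a clean boot environment or below the hooked layer. That is why the scanners in the thread issue their own low-level reads; aswMBR's "trace - called modules" lines in the next post show it walking the driver chain from ntoskrnl down to atapi.sys for exactly this reason.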

#5 Theebs (Topic Starter, Members, 10 posts)

Posted 15 April 2012 - 11:19 AM

Am I supposed to be running the fix and cure? I ran the cure on the first one; what should I do with the second one...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 11:12:46
-----------------------------
11:12:46.144 OS Version: Windows x64 6.1.7600
11:12:46.144 Number of processors: 8 586 0x1A05
11:12:46.144 ComputerName: MEDIACOMPOSER UserName: Administrator
11:12:48.391 Initialize success
11:13:59.105 AVAST engine defs: 12041501
11:14:03.926 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:03.926 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
11:14:03.926 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
11:14:03.926 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 3
11:14:03.926 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
11:14:03.926 Disk 2 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
11:14:03.926 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T1L0-3
11:14:03.926 Disk 3 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 3
11:14:03.941 Disk 4 (boot) \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP2T0L0-4
11:14:03.941 Disk 4 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
11:14:03.988 Disk 4 MBR read successfully
11:14:03.988 Disk 4 MBR scan
11:14:03.988 Disk 4 Windows 7 default MBR code
11:14:04.051 Disk 4 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:14:04.066 Disk 4 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
11:14:04.082 Disk 4 scanning C:\Windows\system32\drivers
11:14:10.509 Service scanning
11:14:21.632 Service xfilt C:\Windows\system32\eSettingsService.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:14:22.193 Modules scanning
11:14:22.193 Disk 4 trace - called modules:
11:14:22.209 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:14:22.209 1 nt!IofCallDriver -> \Device\Harddisk4\DR4[0xfffffa800af62060]
11:14:22.209 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa800aada190]
11:14:22.209 5 ACPI.sys[fffff88000f43781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800ab4a060]
11:14:32.021 AVAST engine scan C:\Windows
11:14:44.018 AVAST engine scan C:\Windows\system32
11:14:51.069 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:14:58.729 File: C:\Windows\system32\eSettingsService.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:15:50.474 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:15:51.722 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:16:17.602 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
11:16:17.634 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
11:16:18.382 AVAST engine scan C:\Windows\system32\drivers
11:16:26.354 AVAST engine scan C:\Users\Administrator
11:17:40.813 AVAST engine scan C:\ProgramData
11:18:02.747 Scan finished successfully
11:18:32.792 Disk 4 MBR has been saved successfully to "C:\Users\Administrator\Documents\MBR.dat"
11:18:32.792 The log file has been saved successfully to "C:\Users\Administrator\Documents\aswMBR.txt"

#6 Theebs

Theebs
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 15 April 2012 - 11:28 AM

Just ran Malwarebytes again and it is finding just the 1 Trojan.Agent now.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: MEDIACOMPOSER [administrator]

4/15/2012 11:26:00 AM
mbam-log-2012-04-15 (11-26-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211623
Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:37 AM

Posted 15 April 2012 - 12:31 PM

You're infected by the ZeroAccess rootkit. We need advanced tools.


Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 15 April 2012 - 12:32 PM.
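An added triage helper, not code from this thread, from avast or from BleepingComputer: it parses the **INFECTED** lines in the aswMBR log format shown in post #5, groups detections by family (treating avast's Sirefef and ZAccess names as the ZeroAccess family the advisor names in #7), and flags rootkit-tagged components and hijacked services so an analyst knows what to preserve before cleaning. The sample lines are copied from the log above; the alias table and the Finding fields are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Line shapes as they appear in the aswMBR log posted in this thread:
#   HH:MM:SS.mmm File: <path> **INFECTED** <detection> [<tag>]
#   HH:MM:SS.mmm Service <name> <path> **INFECTED** <detection> [<tag>]
# The [tag] suffix is optional (Win32:Malware-gen carries none).
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) "
    r"(?:Service (?P<service>\S+) |File: )"
    r"(?P<path>.+?) \*\*INFECTED\*\* (?P<detection>\S+)"
    r"(?: \[(?P<tag>\w+)\])?$"
)

# Fragments of avast detection names mapped to one family label (assumed table).
# Sirefef is Microsoft's name for ZeroAccess, the rootkit named in reply #7.
FAMILY_ALIASES = {"sirefef": "ZeroAccess", "zaccess": "ZeroAccess",
                  "dnschanger": "DNSChanger"}

# tag: Rtk (rootkit), Drp (dropper), Trj (trojan) or "" when absent;
# service: service name on "Service" lines, "" otherwise.
Finding = namedtuple("Finding", "time path detection tag service family")

def parse_finding(line):
    """Return a Finding for an **INFECTED** line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    det = m["detection"].lower()
    family = next((f for k, f in FAMILY_ALIASES.items() if k in det), "unknown")
    return Finding(m["time"], m["path"], m["detection"],
                   m["tag"] or "", m["service"] or "", family)

def triage(log_text):
    """Family counts, rootkit-tagged components, hijacked services, paths to keep."""
    findings = [f for f in map(parse_finding, log_text.splitlines()) if f]
    return {
        "findings": findings,
        "families": Counter(f.family for f in findings),
        "rootkit_component": any(f.tag == "Rtk" for f in findings),
        "hijacked_services": [f.service for f in findings if f.service],
        "paths": [f.path for f in findings],
    }

# Constructed sample: lines copied from the log in post #5 plus two non-finding lines.
SAMPLE_LOG = r"""11:14:10.509 Service scanning
11:14:21.632 Service xfilt C:\Windows\system32\eSettingsService.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:14:51.069 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:16:17.634 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
11:18:02.747 Scan finished successfully"""
```

Run `triage(SAMPLE_LOG)` to see the two ZeroAccess hits, the hijacked `xfilt` service and the untagged generic detection separated out.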




