Infected with Smart HDD. Got rid of it but still acting up


5 replies to this topic

#1 kittykamikaze


Posted 21 April 2012 - 02:42 PM



Hello,

A couple of days ago I realized that my laptop got infected with a redirect virus. I would go to Google and search for movies and it would take me to random blogs or whatnot. So, then I went on about an hour later and saw the Smart HDD pop up to lure me in (didn't fall for it) but it did the typical things that were listed (hid everything).

Well, I followed the steps in removing Smart HDD as they were listed. However, now I'm still having the after effects of everything.

Now it will give me the following pop up immediately after booting up the laptop: There is a problem starting C:/Windows/TEMP/coifvd.dll

Another issue I'm having is that when I open up an internet page, a second tab will open up a page randomly.

Please help and thank you very very much in advance. B)



#2 narenxp


Posted 21 April 2012 - 04:25 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 kittykamikaze


Posted 21 April 2012 - 05:34 PM

Thank you for responding ...

Here is the log for the TDSSkiller:

17:32:51.0942 6228 NetTcpPortSharing - ok
17:32:52.0254 6228 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
17:32:52.0426 6228 NETw5s64 - ok
17:32:52.0613 6228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:32:52.0613 6228 nfrd960 - ok
17:32:52.0785 6228 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:32:52.0785 6228 NlaSvc - ok
17:32:53.0019 6228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:32:53.0019 6228 Npfs - ok
17:32:53.0128 6228 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:32:53.0128 6228 nsi - ok
17:32:53.0299 6228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:32:53.0315 6228 nsiproxy - ok
17:32:53.0487 6228 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:32:53.0518 6228 Ntfs - ok
17:32:53.0674 6228 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:32:53.0674 6228 Null - ok
17:32:53.0877 6228 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:32:53.0877 6228 nvraid - ok
17:32:54.0048 6228 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:32:54.0048 6228 nvstor - ok
17:32:54.0204 6228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:32:54.0204 6228 nv_agp - ok
17:32:54.0329 6228 Oasis2Service (07571684567859da796a566cc78ffa74) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
17:32:54.0329 6228 Oasis2Service - ok
17:32:54.0469 6228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:32:54.0469 6228 ohci1394 - ok
17:32:54.0688 6228 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:32:54.0688 6228 ose - ok
17:32:55.0218 6228 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:32:55.0312 6228 osppsvc - ok
17:32:55.0764 6228 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:32:55.0764 6228 p2pimsvc - ok
17:32:55.0905 6228 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:32:55.0905 6228 p2psvc - ok
17:32:56.0076 6228 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:32:56.0076 6228 Parport - ok
17:32:56.0232 6228 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:32:56.0232 6228 partmgr - ok
17:32:56.0373 6228 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:32:56.0373 6228 PcaSvc - ok
17:32:56.0529 6228 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
17:32:56.0529 6228 pci - ok
17:32:56.0700 6228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:32:56.0716 6228 pciide - ok
17:32:56.0856 6228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:32:56.0856 6228 pcmcia - ok
17:32:57.0153 6228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:32:57.0153 6228 pcw - ok
17:32:57.0309 6228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:32:57.0324 6228 PEAUTH - ok
17:32:57.0496 6228 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:32:57.0496 6228 PerfHost - ok
17:32:57.0667 6228 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:32:57.0714 6228 pla - ok
17:32:57.0870 6228 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:32:57.0886 6228 PlugPlay - ok
17:32:58.0026 6228 PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
17:32:58.0042 6228 PMBDeviceInfoProvider - ok
17:32:58.0151 6228 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:32:58.0151 6228 PNRPAutoReg - ok
17:32:58.0276 6228 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:32:58.0276 6228 PNRPsvc - ok
17:32:58.0401 6228 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:32:58.0416 6228 PolicyAgent - ok
17:32:58.0557 6228 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:32:58.0557 6228 Power - ok
17:32:58.0697 6228 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:32:58.0697 6228 PptpMiniport - ok
17:32:58.0822 6228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:32:58.0822 6228 Processor - ok
17:32:59.0321 6228 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
17:32:59.0321 6228 ProfSvc - ok
17:32:59.0446 6228 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:32:59.0446 6228 ProtectedStorage - ok
17:32:59.0571 6228 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:32:59.0571 6228 Psched - ok
17:32:59.0711 6228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:32:59.0742 6228 ql2300 - ok
17:32:59.0883 6228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:32:59.0883 6228 ql40xx - ok
17:33:00.0007 6228 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:33:00.0023 6228 QWAVE - ok
17:33:00.0117 6228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:33:00.0132 6228 QWAVEdrv - ok
17:33:00.0241 6228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:33:00.0241 6228 RasAcd - ok
17:33:00.0366 6228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:33:00.0366 6228 RasAgileVpn - ok
17:33:00.0491 6228 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:33:00.0491 6228 RasAuto - ok
17:33:00.0616 6228 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:33:00.0616 6228 Rasl2tp - ok
17:33:00.0741 6228 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:33:00.0741 6228 RasMan - ok
17:33:01.0131 6228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:33:01.0131 6228 RasPppoe - ok
17:33:01.0271 6228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:33:01.0271 6228 RasSstp - ok
17:33:01.0380 6228 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:33:01.0396 6228 rdbss - ok
17:33:01.0505 6228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:33:01.0505 6228 rdpbus - ok
17:33:01.0645 6228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:33:01.0645 6228 RDPCDD - ok
17:33:01.0770 6228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:33:01.0770 6228 RDPENCDD - ok
17:33:01.0911 6228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:33:01.0911 6228 RDPREFMP - ok
17:33:02.0020 6228 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
17:33:02.0035 6228 RDPWD - ok
17:33:02.0160 6228 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
17:33:02.0160 6228 rdyboost - ok
17:33:02.0285 6228 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:33:02.0301 6228 RegSrvc - ok
17:33:02.0425 6228 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:33:02.0425 6228 RemoteAccess - ok
17:33:02.0535 6228 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:33:02.0550 6228 RemoteRegistry - ok
17:33:02.0691 6228 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:33:02.0691 6228 RFCOMM - ok
17:33:03.0081 6228 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
17:33:03.0081 6228 rimspci - ok
17:33:03.0736 6228 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
17:33:03.0736 6228 risdsnpe - ok
17:33:03.0861 6228 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:33:03.0861 6228 RpcEptMapper - ok
17:33:03.0970 6228 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:33:03.0970 6228 RpcLocator - ok
17:33:04.0095 6228 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:33:04.0095 6228 RpcSs - ok
17:33:04.0219 6228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:33:04.0219 6228 rspndr - ok
17:33:04.0360 6228 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:33:04.0360 6228 SamSs - ok
17:33:04.0485 6228 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
17:33:04.0485 6228 sbp2port - ok
17:33:04.0609 6228 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:33:04.0625 6228 SCardSvr - ok
17:33:04.0750 6228 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:33:04.0750 6228 scfilter - ok
17:33:04.0937 6228 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:33:05.0171 6228 Schedule - ok
17:33:05.0296 6228 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:33:05.0296 6228 SCPolicySvc - ok
17:33:05.0421 6228 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
17:33:05.0421 6228 sdbus - ok
17:33:05.0546 6228 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:33:05.0546 6228 SDRSVC - ok
17:33:05.0670 6228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:33:05.0670 6228 secdrv - ok
17:33:05.0795 6228 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:33:05.0795 6228 seclogon - ok
17:33:05.0920 6228 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:33:05.0920 6228 SENS - ok
17:33:06.0029 6228 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:33:06.0029 6228 SensrSvc - ok
17:33:06.0138 6228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:33:06.0138 6228 Serenum - ok
17:33:06.0248 6228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:33:06.0248 6228 Serial - ok
17:33:06.0372 6228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:33:06.0372 6228 sermouse - ok
17:33:06.0482 6228 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:33:06.0482 6228 SessionEnv - ok
17:33:06.0606 6228 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
17:33:06.0606 6228 SFEP - ok
17:33:06.0700 6228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:33:06.0700 6228 sffdisk - ok
17:33:06.0809 6228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:33:06.0809 6228 sffp_mmc - ok
17:33:07.0152 6228 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
17:33:07.0168 6228 sffp_sd - ok
17:33:07.0277 6228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:33:07.0277 6228 sfloppy - ok
17:33:07.0418 6228 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:33:07.0433 6228 Sftfs - ok
17:33:07.0542 6228 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:33:07.0542 6228 sftlist - ok
17:33:07.0683 6228 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:33:07.0683 6228 Sftplay - ok
17:33:07.0792 6228 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:33:07.0792 6228 Sftredir - ok
17:33:07.0917 6228 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:33:07.0917 6228 Sftvol - ok
17:33:08.0010 6228 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:33:08.0010 6228 sftvsa - ok
17:33:08.0151 6228 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:33:08.0151 6228 SharedAccess - ok
17:33:08.0276 6228 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:33:08.0291 6228 ShellHWDetection - ok
17:33:08.0416 6228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:33:08.0416 6228 SiSRaid2 - ok
17:33:08.0541 6228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:33:08.0541 6228 SiSRaid4 - ok
17:33:08.0697 6228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:33:08.0697 6228 Smb - ok
17:33:08.0837 6228 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:33:09.0212 6228 SNMPTRAP - ok
17:33:09.0914 6228 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
17:33:09.0929 6228 SOHCImp - ok
17:33:10.0054 6228 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
17:33:10.0054 6228 SOHDms - ok
17:33:10.0179 6228 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
17:33:10.0179 6228 SOHDs - ok
17:33:10.0288 6228 SpfService (5449fc97476f52e027409e703791e6a9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
17:33:10.0288 6228 SpfService - ok
17:33:10.0428 6228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:33:10.0428 6228 spldr - ok
17:33:10.0538 6228 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:33:10.0553 6228 Spooler - ok
17:33:10.0740 6228 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:33:10.0850 6228 sppsvc - ok
17:33:11.0708 6228 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:33:11.0708 6228 sppuinotify - ok
17:33:11.0832 6228 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:33:11.0832 6228 srv - ok
17:33:11.0973 6228 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:33:11.0988 6228 srv2 - ok
17:33:12.0098 6228 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:33:12.0098 6228 srvnet - ok
17:33:12.0207 6228 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:33:12.0207 6228 SSDPSRV - ok
17:33:12.0316 6228 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:33:12.0316 6228 SstpSvc - ok
17:33:12.0410 6228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:33:12.0410 6228 stexstor - ok
17:33:12.0534 6228 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:33:12.0534 6228 stisvc - ok
17:33:12.0659 6228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:33:12.0659 6228 swenum - ok
17:33:12.0784 6228 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:33:12.0784 6228 swprv - ok
17:33:13.0767 6228 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\drivers\SynTP.sys
17:33:13.0767 6228 SynTP - ok
17:33:13.0892 6228 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:33:13.0938 6228 SysMain - ok
17:33:14.0048 6228 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:33:14.0048 6228 TabletInputService - ok
17:33:14.0141 6228 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:33:14.0141 6228 TapiSrv - ok
17:33:14.0235 6228 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:33:14.0250 6228 TBS - ok
17:33:14.0391 6228 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:33:14.0422 6228 Tcpip - ok
17:33:14.0594 6228 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:33:14.0594 6228 TCPIP6 - ok
17:33:14.0672 6228 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:33:14.0687 6228 tcpipreg - ok
17:33:14.0718 6228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:33:14.0718 6228 TDPIPE - ok
17:33:14.0765 6228 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:33:14.0765 6228 TDTCP - ok
17:33:14.0796 6228 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:33:14.0796 6228 tdx - ok
17:33:15.0623 6228 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
17:33:15.0623 6228 TermDD - ok
17:33:15.0779 6228 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:33:15.0779 6228 TermService - ok
17:33:15.0904 6228 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:33:15.0904 6228 Themes - ok
17:33:16.0029 6228 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:33:16.0029 6228 THREADORDER - ok
17:33:16.0138 6228 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:33:16.0138 6228 TrkWks - ok
17:33:16.0232 6228 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:33:16.0232 6228 TrustedInstaller - ok
17:33:16.0341 6228 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:33:16.0341 6228 tssecsrv - ok
17:33:16.0481 6228 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:33:16.0481 6228 tunnel - ok
17:33:16.0575 6228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:33:16.0575 6228 uagp35 - ok
17:33:16.0653 6228 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
17:33:16.0653 6228 uCamMonitor - ok
17:33:16.0778 6228 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
17:33:16.0778 6228 udfs - ok
17:33:17.0402 6228 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:33:17.0417 6228 UI0Detect - ok
17:33:17.0682 6228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:33:17.0698 6228 uliagpkx - ok
17:33:17.0807 6228 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:33:17.0807 6228 umbus - ok
17:33:17.0916 6228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:33:17.0916 6228 UmPass - ok
17:33:18.0057 6228 UNS (11a559e0f10cc5e788984023df400a6f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:33:18.0166 6228 UNS - ok
17:33:18.0291 6228 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:33:18.0306 6228 upnphost - ok
17:33:18.0447 6228 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:33:18.0462 6228 USBAAPL64 - ok
17:33:18.0540 6228 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:33:18.0540 6228 usbaudio - ok
17:33:18.0572 6228 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:33:18.0587 6228 usbccgp - ok
17:33:18.0696 6228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:33:18.0696 6228 usbcir - ok
17:33:18.0806 6228 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
17:33:18.0806 6228 usbehci - ok
17:33:19.0476 6228 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:33:19.0492 6228 usbhub - ok
17:33:19.0586 6228 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
17:33:19.0601 6228 usbohci - ok
17:33:19.0710 6228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:33:19.0710 6228 usbprint - ok
17:33:19.0820 6228 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:33:19.0820 6228 usbscan - ok
17:33:19.0898 6228 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:33:19.0898 6228 USBSTOR - ok
17:33:19.0976 6228 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
17:33:19.0976 6228 usbuhci - ok
17:33:20.0085 6228 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:33:20.0085 6228 usbvideo - ok
17:33:20.0225 6228 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:33:20.0225 6228 UxSms - ok
17:33:20.0334 6228 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
17:33:20.0334 6228 VAIO Event Service - ok
17:33:20.0444 6228 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
17:33:20.0459 6228 VAIO Power Management - ok
17:33:20.0568 6228 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:33:20.0568 6228 VaultSvc - ok
17:33:20.0709 6228 VBTUSB (70a90412f0ae18021794a0754c2d6299) C:\Windows\system32\Drivers\VBTUSB.sys
17:33:20.0709 6228 VBTUSB - ok
17:33:20.0927 6228 VCFw (96efa2698d6b9e2931609a3ea73fc5dc) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
17:33:20.0943 6228 VCFw - ok
17:33:21.0068 6228 VcmIAlzMgr (7bebf6a5285ffc03c34a7297a4e177cb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
17:33:21.0083 6228 VcmIAlzMgr - ok
17:33:21.0208 6228 VcmINSMgr (e005b04dfca99f5880c5111933194ca9) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
17:33:21.0208 6228 VcmINSMgr - ok
17:33:21.0348 6228 VcmXmlIfHelper (829a32fd1334f72429ca0515760eb7a7) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
17:33:21.0348 6228 VcmXmlIfHelper - ok
17:33:21.0458 6228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:33:21.0458 6228 vdrvroot - ok
17:33:21.0582 6228 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:33:21.0582 6228 vds - ok
17:33:21.0723 6228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:33:21.0723 6228 vga - ok
17:33:21.0816 6228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:33:21.0832 6228 VgaSave - ok
17:33:21.0926 6228 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
17:33:21.0941 6228 vhdmp - ok
17:33:22.0050 6228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:33:22.0050 6228 viaide - ok
17:33:22.0160 6228 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
17:33:22.0160 6228 volmgr - ok
17:33:22.0269 6228 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:33:22.0284 6228 volmgrx - ok
17:33:22.0425 6228 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
17:33:22.0425 6228 volsnap - ok
17:33:22.0534 6228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:33:22.0534 6228 vsmraid - ok
17:33:22.0690 6228 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:33:22.0737 6228 VSS - ok
17:33:23.0033 6228 VUAgent (e55a44d8f9f713d5f5d5bbaef2ba0a34) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
17:33:23.0064 6228 VUAgent - ok
17:33:23.0220 6228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:33:23.0220 6228 vwifibus - ok
17:33:23.0283 6228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:33:23.0283 6228 vwififlt - ok
17:33:23.0376 6228 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:33:23.0392 6228 vwifimp - ok
17:33:23.0470 6228 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:33:23.0470 6228 W32Time - ok
17:33:23.0564 6228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:33:23.0579 6228 WacomPen - ok
17:33:23.0704 6228 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:33:23.0704 6228 WANARP - ok
17:33:23.0735 6228 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:33:23.0735 6228 Wanarpv6 - ok
17:33:23.0891 6228 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:33:23.0922 6228 WatAdminSvc - ok
17:33:24.0094 6228 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:33:24.0141 6228 wbengine - ok
17:33:24.0266 6228 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:33:24.0266 6228 WbioSrvc - ok
17:33:24.0328 6228 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:33:24.0344 6228 wcncsvc - ok
17:33:24.0390 6228 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:33:24.0390 6228 WcsPlugInService - ok
17:33:24.0453 6228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:33:24.0453 6228 Wd - ok
17:33:24.0578 6228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:33:24.0578 6228 Wdf01000 - ok
17:33:24.0640 6228 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:33:24.0640 6228 WdiServiceHost - ok
17:33:24.0656 6228 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:33:24.0656 6228 WdiSystemHost - ok
17:33:24.0780 6228 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
17:33:24.0780 6228 wdkmd - ok
17:33:25.0014 6228 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:33:25.0030 6228 WebClient - ok
17:33:25.0155 6228 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:33:25.0155 6228 Wecsvc - ok
17:33:25.0233 6228 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:33:25.0233 6228 wercplsupport - ok
17:33:25.0342 6228 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:33:25.0358 6228 WerSvc - ok
17:33:25.0482 6228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:33:25.0482 6228 WfpLwf - ok
17:33:25.0545 6228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:33:25.0545 6228 WIMMount - ok
17:33:25.0560 6228 WinHttpAutoProxySvc - ok
17:33:25.0638 6228 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:33:25.0654 6228 Winmgmt - ok
17:33:25.0763 6228 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:33:25.0810 6228 WinRM - ok
17:33:25.0966 6228 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:33:25.0966 6228 WinUsb - ok
17:33:26.0044 6228 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:33:26.0060 6228 Wlansvc - ok
17:33:26.0138 6228 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:33:26.0138 6228 wlcrasvc - ok
17:33:26.0247 6228 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:33:26.0294 6228 wlidsvc - ok
17:33:26.0387 6228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:33:26.0387 6228 WmiAcpi - ok
17:33:26.0450 6228 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:33:26.0465 6228 wmiApSrv - ok
17:33:26.0528 6228 WMPNetworkSvc - ok
17:33:26.0606 6228 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:33:26.0606 6228 WPCSvc - ok
17:33:26.0684 6228 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:33:26.0684 6228 WPDBusEnum - ok
17:33:26.0746 6228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:33:26.0746 6228 ws2ifsl - ok
17:33:26.0808 6228 WSearch - ok
17:33:27.0027 6228 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
17:33:27.0089 6228 wuauserv - ok
17:33:27.0214 6228 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:33:27.0230 6228 WudfPf - ok
17:33:27.0370 6228 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:33:27.0370 6228 WUDFRd - ok
17:33:27.0479 6228 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:33:27.0479 6228 wudfsvc - ok
17:33:27.0557 6228 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:33:27.0557 6228 WwanSvc - ok
17:33:27.0713 6228 XUIF (5f22132c9153639762708909f156b33d) C:\Windows\system32\nvcap.dll
17:33:27.0729 6228 XUIF ( Backdoor.Multi.ZAccess.gen ) - infected
17:33:27.0729 6228 XUIF - detected Backdoor.Multi.ZAccess.gen (0)
17:33:27.0854 6228 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
17:33:27.0854 6228 yukonw7 - ok
17:33:27.0900 6228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:33:28.0041 6228 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:33:28.0041 6228 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:33:28.0056 6228 Boot (0x1200) (21b0a6a84f52c6dd14a04dc4e4a53908) \Device\Harddisk0\DR0\Partition0
17:33:28.0056 6228 \Device\Harddisk0\DR0\Partition0 - ok
17:33:28.0103 6228 Boot (0x1200) (85710565d85185a367718fdac76348b9) \Device\Harddisk0\DR0\Partition1
17:33:28.0103 6228 \Device\Harddisk0\DR0\Partition1 - ok
17:33:28.0103 6228 ============================================================
17:33:28.0103 6228 Scan finished
17:33:28.0103 6228 ============================================================
17:33:28.0119 4168 Detected object count: 2
17:33:28.0119 4168 Actual detected object count: 2
17:33:38.0555 4168 C:\Windows\system32\nvcap.dll - copied to quarantine
17:33:38.0555 4168 HKLM\SYSTEM\ControlSet001\services\XUIF - will be deleted on reboot
17:33:38.0586 4168 HKLM\SYSTEM\ControlSet002\services\XUIF - will be deleted on reboot
17:33:38.0774 4168 C:\Windows\system32\nvcap.dll - will be deleted on reboot
17:33:38.0774 4168 XUIF ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:33:38.0774 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:33:38.0774 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#4 kittykamikaze

Posted 21 April 2012 - 06:29 PM

Gmer results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-21 18:28:31
Windows 6.1.7600
Running: vlzhkgwf.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46adc0ad3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe790bf
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46adc0ad3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe790bf (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----

#5 kittykamikaze

Posted 21 April 2012 - 06:44 PM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 18:30:07
-----------------------------
18:30:07.897 OS Version: Windows x64 6.1.7600
18:30:07.897 Number of processors: 4 586 0x2505
18:30:07.897 ComputerName: CHRIS-VAIO UserName: Chris
18:30:10.269 Initialize success
18:32:00.516 AVAST engine defs: 12042101
18:32:03.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:32:03.885 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:32:03.901 Disk 0 MBR read successfully
18:32:03.901 Disk 0 MBR scan
18:32:03.916 Disk 0 Windows 7 default MBR code
18:32:03.916 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10734 MB offset 2048
18:32:03.932 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21985280
18:32:03.948 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466104 MB offset 22190080
18:32:03.979 Disk 0 scanning C:\Windows\system32\drivers
18:32:15.495 Service scanning
18:32:58.333 Service sandboxu C:\Windows\system32\cbidf2k.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:33:11.548 Modules scanning
18:33:11.563 Disk 0 trace - called modules:
18:33:12.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:33:12.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006356060]
18:33:12.109 3 CLASSPNP.SYS[fffff88001acb43f] -> nt!IofCallDriver -> [0xfffffa800431a5d0]
18:33:12.125 5 ACPI.sys[fffff88000f3a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800431f050]
18:33:15.042 AVAST engine scan C:\Windows
18:33:18.162 AVAST engine scan C:\Windows\system32
18:33:19.519 File: C:\Windows\system32\afd.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:33:21.890 File: C:\Windows\system32\ATIVXSTW.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:33:24.137 File: C:\Windows\system32\cbidf2k.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:33:24.184 File: C:\Windows\system32\cdaudio.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:33:26.430 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
18:33:46.072 File: C:\Windows\system32\JRAID.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:34:08.587 File: C:\Windows\system32\p17.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:34:13.158 File: C:\Windows\system32\rasacd.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:34:35.622 File: C:\Windows\system32\wmdmpmsp.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:34:38.196 File: C:\Windows\system32\wps.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:34:43.297 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:34:45.419 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
18:36:12.890 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:36:12.984 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
18:36:14.216 AVAST engine scan C:\Windows\system32\drivers
18:36:30.239 AVAST engine scan C:\Users\Chris
18:41:21.322 AVAST engine scan C:\ProgramData
18:43:03.535 Scan finished successfully
18:43:39.416 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
18:43:39.416 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

#6 narenxp

Posted 21 April 2012 - 06:58 PM

We need advanced tools to remove the rootkit.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



