
Cannot remove S.M.A.R.T. hdd virus!


  • This topic is locked This topic is locked
20 replies to this topic

#1 ddarkstar1

  • Members
  • 76 posts

Posted 20 June 2012 - 12:52 PM

I am infected with the S.M.A.R.T. scan HDD virus and have been trying to read the topics on it and find a way to remove it and restore all of my files. I cannot do a system restore because it deleted all of my restore points (or maybe hid them?). I only have a recycle bin and a virus folder on the desktop. No start menu items at all, or even anything under the All Programs tab. I have managed to unhide only some of the desktop items, and they are partially visible. The ones that still seem to be missing from there are HP Assistant-type shortcuts. Again, that is all I have been able to do so far, aside from finding the smtmp files (only 1 and 4) that I do not know how to restore. Is it possible to get a pro to help me step by step? Thank you.

Edited by ddarkstar1, 20 June 2012 - 01:24 PM.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 20 June 2012 - 12:59 PM

Let's make sure your system is clean.

What is your OS?

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download the ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

Edited by narenxp, 20 June 2012 - 12:59 PM.


#3 ddarkstar1


Posted 20 June 2012 - 01:02 PM

Will try now.

TDSSKiller will not run.

#4 ddarkstar1


Posted 20 June 2012 - 01:03 PM

Win 7, by the way.

#5 narenxp


Posted 20 June 2012 - 01:04 PM

We don't need SMTMP to restore the folder. Make sure not to delete the restore points.

#6 ddarkstar1


Posted 20 June 2012 - 01:08 PM

According to my computer, this virus left me with no system restore points. I just don't know if it truly deleted them or hid them somehow. When I go to choose a point, there is a red box with an X in it saying I have no previous restore points. This is how I usually fix my computer.

#7 narenxp


Posted 20 June 2012 - 01:09 PM

Ok, let me get the logs first. If you have the SMTMP/1 folder then we can restore them.

Good luck.

Edited by narenxp, 20 June 2012 - 01:09 PM.


#8 ddarkstar1


Posted 20 June 2012 - 01:43 PM

TDSSKiller would not run.
aswMBR would not run.

Tried clicking on these numerous times; it was like clicking on a brick wall. Even tried as administrator.

ESET results:

How do I export the list to the desktop?

#9 narenxp


Posted 20 June 2012 - 01:46 PM

Download FIXTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on REPAIR.

Now run both TDSSKiller and aswMBR.

#10 ddarkstar1


Posted 20 June 2012 - 03:30 PM

Waiting for logs now. Thanks for your help so far.

#11 ddarkstar1


Posted 20 June 2012 - 03:34 PM

How do I know when the scan is complete on aswMBR?

#12 narenxp


Posted 20 June 2012 - 03:50 PM

The "Save log" option should be visible.

#13 ddarkstar1


Posted 20 June 2012 - 08:56 PM

TDSSKiller log:

15:56:38.0151 4060 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:56:40.0155 4060 ============================================================
15:56:40.0156 4060 Current date / time: 2012/06/20 15:56:40.0155
15:56:40.0156 4060 SystemInfo:
15:56:40.0156 4060
15:56:40.0156 4060 OS Version: 6.1.7600 ServicePack: 0.0
15:56:40.0156 4060 Product type: Workstation
15:56:40.0156 4060 ComputerName: HOLLY-PC
15:56:40.0156 4060 UserName: Holly
15:56:40.0156 4060 Windows directory: C:\Windows
15:56:40.0156 4060 System windows directory: C:\Windows
15:56:40.0156 4060 Running under WOW64
15:56:40.0156 4060 Processor architecture: Intel x64
15:56:40.0156 4060 Number of processors: 1
15:56:40.0156 4060 Page size: 0x1000
15:56:40.0156 4060 Boot type: Normal boot
15:56:40.0156 4060 ============================================================
15:56:42.0161 4060 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:42.0165 4060 ============================================================
15:56:42.0165 4060 \Device\Harddisk0\DR0:
15:56:42.0165 4060 MBR partitions:
15:56:42.0165 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:56:42.0165 4060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B8BF800
15:56:42.0165 4060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B923800, BlocksNum 0x18A1800
15:56:42.0165 4060 ============================================================
15:56:42.0215 4060 C: <-> \Device\Harddisk0\DR0\Partition1
15:56:42.0253 4060 D: <-> \Device\Harddisk0\DR0\Partition2
15:56:42.0254 4060 ============================================================
15:56:42.0254 4060 Initialize success
15:56:42.0254 4060 ============================================================
15:58:29.0056 3508 ============================================================
15:58:29.0056 3508 Scan started
15:58:29.0056 3508 Mode: Manual; TDLFS;
15:58:29.0056 3508 ============================================================
15:58:35.0717 3508 ELkbd (5f22132c9153639762708909f156b33d) C:\Windows\system32\mssql$microsoftsmlbiz.dll
15:58:35.0722 3508 Suspicious file (NoAccess): C:\Windows\system32\mssql$microsoftsmlbiz.dll. md5: 5f22132c9153639762708909f156b33d
15:58:35.0722 3508 ELkbd ( Backdoor.Multi.ZAccess.gen ) - infected
15:58:35.0723 3508 ELkbd - detected Backdoor.Multi.ZAccess.gen (0)
15:58:42.0957 3508 MsRPC - ok
15:58:42.0989 3508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:58:42.0989 3508 mssmbios - ok
15:58:43.0013 3508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:58:43.0018 3508 MSTEE - ok
15:58:43.0033 3508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:58:43.0037 3508 MTConfig - ok
15:58:43.0065 3508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:58:43.0072 3508 Mup - ok
15:58:43.0111 3508 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:58:43.0129 3508 napagent - ok
15:58:43.0187 3508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:58:43.0199 3508 NativeWifiP - ok
15:58:43.0277 3508 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:58:43.0287 3508 NDIS - ok
15:58:43.0325 3508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:58:43.0330 3508 NdisCap - ok
15:58:43.0366 3508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:58:43.0371 3508 NdisTapi - ok
15:58:43.0402 3508 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:43.0407 3508 Ndisuio - ok
15:58:43.0436 3508 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:43.0444 3508 NdisWan - ok
15:58:43.0468 3508 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:58:43.0474 3508 NDProxy - ok
15:58:43.0497 3508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:58:43.0504 3508 NetBIOS - ok
15:58:43.0529 3508 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:58:43.0542 3508 NetBT - ok
15:58:43.0574 3508 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:58:43.0576 3508 Netlogon - ok
15:58:43.0629 3508 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:58:43.0636 3508 Netman - ok
15:58:43.0707 3508 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:58:43.0725 3508 netprofm - ok
15:58:43.0820 3508 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:58:43.0832 3508 NetTcpPortSharing - ok
15:58:44.0150 3508 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:58:44.0234 3508 netw5v64 - ok
15:58:44.0325 3508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:58:44.0330 3508 nfrd960 - ok
15:58:44.0392 3508 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:58:44.0405 3508 NlaSvc - ok
15:58:44.0437 3508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:58:44.0444 3508 Npfs - ok
15:58:44.0458 3508 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:58:44.0464 3508 nsi - ok
15:58:44.0481 3508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:58:44.0485 3508 nsiproxy - ok
15:58:44.0620 3508 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:58:44.0653 3508 Ntfs - ok
15:58:44.0738 3508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:58:44.0741 3508 Null - ok
15:58:44.0787 3508 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:58:44.0796 3508 nvraid - ok
15:58:44.0880 3508 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:58:44.0888 3508 nvstor - ok
15:58:44.0935 3508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:58:44.0945 3508 nv_agp - ok
15:58:45.0063 3508 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:58:45.0085 3508 odserv - ok
15:58:45.0121 3508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:58:45.0131 3508 ohci1394 - ok
15:58:45.0165 3508 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:45.0175 3508 ose - ok
15:58:45.0230 3508 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:58:45.0242 3508 p2pimsvc - ok
15:58:45.0284 3508 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:58:45.0300 3508 p2psvc - ok
15:58:45.0330 3508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:58:45.0340 3508 Parport - ok
15:58:45.0371 3508 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:58:45.0380 3508 partmgr - ok
15:58:45.0404 3508 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:58:45.0419 3508 PcaSvc - ok
15:58:45.0458 3508 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:58:45.0472 3508 pci - ok
15:58:45.0489 3508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:58:45.0493 3508 pciide - ok
15:58:45.0554 3508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:58:45.0579 3508 pcmcia - ok
15:58:45.0677 3508 PCTSFileEnum - ok
15:58:45.0702 3508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:58:45.0716 3508 pcw - ok
15:58:45.0789 3508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:58:45.0812 3508 PEAUTH - ok
15:58:45.0904 3508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:58:45.0910 3508 PerfHost - ok
15:58:46.0163 3508 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:58:46.0194 3508 pla - ok
15:58:46.0259 3508 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
15:58:46.0289 3508 PlugPlay - ok
15:58:46.0315 3508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:58:46.0329 3508 PNRPAutoReg - ok
15:58:46.0375 3508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:58:46.0378 3508 PNRPsvc - ok
15:58:46.0474 3508 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:58:46.0491 3508 PolicyAgent - ok
15:58:46.0538 3508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:58:46.0549 3508 Power - ok
15:58:46.0616 3508 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:58:46.0626 3508 PptpMiniport - ok
15:58:46.0691 3508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:58:46.0698 3508 Processor - ok
15:58:46.0741 3508 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
15:58:46.0753 3508 ProfSvc - ok
15:58:46.0783 3508 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:58:46.0784 3508 ProtectedStorage - ok
15:58:46.0863 3508 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:58:46.0872 3508 Psched - ok
15:58:46.0980 3508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:58:47.0009 3508 ql2300 - ok
15:58:47.0131 3508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:58:47.0141 3508 ql40xx - ok
15:58:47.0173 3508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:58:47.0185 3508 QWAVE - ok
15:58:47.0217 3508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:58:47.0226 3508 QWAVEdrv - ok
15:58:47.0250 3508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:58:47.0254 3508 RasAcd - ok
15:58:47.0294 3508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:47.0300 3508 RasAgileVpn - ok
15:58:47.0335 3508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:58:47.0345 3508 RasAuto - ok
15:58:47.0377 3508 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:47.0385 3508 Rasl2tp - ok
15:58:47.0428 3508 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:58:47.0441 3508 RasMan - ok
15:58:47.0478 3508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:47.0485 3508 RasPppoe - ok
15:58:47.0504 3508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:58:47.0512 3508 RasSstp - ok
15:58:47.0548 3508 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:58:47.0561 3508 rdbss - ok
15:58:47.0588 3508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:58:47.0595 3508 rdpbus - ok
15:58:47.0617 3508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:47.0626 3508 RDPCDD - ok
15:58:47.0659 3508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:58:47.0662 3508 RDPENCDD - ok
15:58:47.0686 3508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:58:47.0689 3508 RDPREFMP - ok
15:58:47.0736 3508 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
15:58:47.0747 3508 RDPWD - ok
15:58:47.0787 3508 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:58:47.0797 3508 rdyboost - ok
15:58:47.0883 3508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:58:47.0890 3508 RemoteAccess - ok
15:58:47.0915 3508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:58:47.0925 3508 RemoteRegistry - ok
15:58:48.0030 3508 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:58:48.0039 3508 RichVideo - ok
15:58:48.0079 3508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:58:48.0087 3508 RpcEptMapper - ok
15:58:48.0115 3508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:58:48.0119 3508 RpcLocator - ok
15:58:48.0171 3508 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:58:48.0177 3508 RpcSs - ok
15:58:48.0236 3508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:58:48.0242 3508 rspndr - ok
15:58:48.0289 3508 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
15:58:48.0299 3508 RSUSBSTOR - ok
15:58:48.0344 3508 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:58:48.0354 3508 RTL8167 - ok
15:58:48.0371 3508 RtsUIR - ok
15:58:48.0400 3508 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:58:48.0401 3508 SamSs - ok
15:58:48.0588 3508 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Vdos\Paint\Anti-Spyware\SASDIFSV64.SYS
15:58:48.0884 3508 SASDIFSV - ok
15:58:48.0907 3508 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Vdos\Paint\Anti-Spyware\SASKUTIL64.SYS
15:58:49.0021 3508 SASKUTIL - ok
15:58:49.0179 3508 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:58:49.0244 3508 sbp2port - ok
15:58:49.0518 3508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:58:49.0542 3508 SCardSvr - ok
15:58:49.0574 3508 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:58:49.0580 3508 scfilter - ok
15:58:49.0751 3508 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
15:58:49.0781 3508 Schedule - ok
15:58:49.0860 3508 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:58:49.0861 3508 SCPolicySvc - ok
15:58:49.0901 3508 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
15:58:49.0915 3508 sdbus - ok
15:58:49.0968 3508 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:58:49.0983 3508 SDRSVC - ok
15:58:50.0009 3508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:58:50.0013 3508 secdrv - ok
15:58:50.0042 3508 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:58:50.0049 3508 seclogon - ok
15:58:50.0086 3508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:58:50.0088 3508 SENS - ok
15:58:50.0121 3508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:58:50.0129 3508 SensrSvc - ok
15:58:50.0155 3508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:58:50.0165 3508 Serenum - ok
15:58:50.0192 3508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:58:50.0200 3508 Serial - ok
15:58:50.0219 3508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:58:50.0229 3508 sermouse - ok
15:58:50.0273 3508 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:58:50.0282 3508 SessionEnv - ok
15:58:50.0313 3508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:58:50.0317 3508 sffdisk - ok
15:58:50.0343 3508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:58:50.0347 3508 sffp_mmc - ok
15:58:50.0371 3508 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:58:50.0377 3508 sffp_sd - ok
15:58:50.0399 3508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:58:50.0402 3508 sfloppy - ok
15:58:50.0471 3508 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:58:50.0484 3508 SharedAccess - ok
15:58:50.0532 3508 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:58:50.0547 3508 ShellHWDetection - ok
15:58:50.0570 3508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:58:50.0575 3508 SiSRaid2 - ok
15:58:50.0609 3508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:58:50.0617 3508 SiSRaid4 - ok
15:58:50.0657 3508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:58:50.0669 3508 Smb - ok
15:58:50.0726 3508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:58:50.0734 3508 SNMPTRAP - ok
15:58:50.0756 3508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:58:50.0763 3508 spldr - ok
15:58:50.0862 3508 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:58:50.0876 3508 Spooler - ok
15:58:51.0740 3508 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:58:51.0844 3508 sppsvc - ok
15:58:51.0960 3508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:58:51.0971 3508 sppuinotify - ok
15:58:52.0044 3508 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:58:52.0060 3508 srv - ok
15:58:52.0100 3508 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:58:52.0117 3508 srv2 - ok
15:58:52.0192 3508 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:58:52.0202 3508 SrvHsfHDA - ok
15:58:52.0291 3508 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:58:52.0319 3508 SrvHsfV92 - ok
15:58:52.0415 3508 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:58:52.0436 3508 SrvHsfWinac - ok
15:58:52.0497 3508 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:58:52.0506 3508 srvnet - ok
15:58:52.0574 3508 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:58:52.0581 3508 sscdbus - ok
15:58:52.0638 3508 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:58:52.0645 3508 sscdmdfl - ok
15:58:52.0679 3508 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:58:52.0686 3508 sscdmdm - ok
15:58:52.0758 3508 sscdserd (05ffa552f578e27ab2d41b6828db477f) C:\Windows\system32\DRIVERS\sscdserd.sys
15:58:52.0766 3508 sscdserd - ok
15:58:52.0828 3508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:58:52.0837 3508 SSDPSRV - ok
15:58:52.0864 3508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:58:52.0872 3508 SstpSvc - ok
15:58:52.0904 3508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:58:52.0910 3508 stexstor - ok
15:58:52.0971 3508 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:58:52.0988 3508 stisvc - ok
15:58:53.0016 3508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:58:53.0020 3508 swenum - ok
15:58:53.0067 3508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:58:53.0081 3508 swprv - ok
15:58:53.0136 3508 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
15:58:53.0147 3508 SynTP - ok
15:58:53.0259 3508 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:58:53.0279 3508 SysMain - ok
15:58:53.0368 3508 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:58:53.0376 3508 TabletInputService - ok
15:58:53.0413 3508 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:58:53.0426 3508 TapiSrv - ok
15:58:53.0448 3508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:58:53.0460 3508 TBS - ok
15:58:53.0622 3508 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:58:53.0664 3508 Tcpip - ok
15:58:53.0795 3508 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:58:53.0807 3508 TCPIP6 - ok
15:58:53.0887 3508 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:58:53.0892 3508 tcpipreg - ok
15:58:53.0926 3508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:58:53.0930 3508 TDPIPE - ok
15:58:53.0972 3508 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:58:53.0976 3508 TDTCP - ok
15:58:54.0003 3508 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:58:54.0009 3508 tdx - ok
15:58:54.0040 3508 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:58:54.0045 3508 TermDD - ok
15:58:54.0111 3508 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:58:54.0132 3508 TermService - ok
15:58:54.0168 3508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:58:54.0176 3508 Themes - ok
15:58:54.0204 3508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:58:54.0206 3508 THREADORDER - ok
15:58:54.0231 3508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:58:54.0244 3508 TrkWks - ok
15:58:54.0305 3508 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:58:54.0312 3508 TrustedInstaller - ok
15:58:54.0340 3508 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:54.0345 3508 tssecsrv - ok
15:58:54.0387 3508 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:58:54.0395 3508 tunnel - ok
15:58:54.0423 3508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:58:54.0429 3508 uagp35 - ok
15:58:54.0472 3508 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:58:54.0488 3508 udfs - ok
15:58:54.0515 3508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:58:54.0526 3508 UI0Detect - ok
15:58:54.0558 3508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:58:54.0564 3508 uliagpkx - ok
15:58:54.0592 3508 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:58:54.0598 3508 umbus - ok
15:58:54.0631 3508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:58:54.0637 3508 UmPass - ok
15:58:54.0675 3508 Updater Service for StartNow Toolbar - ok
15:58:54.0723 3508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:58:54.0737 3508 upnphost - ok
15:58:54.0785 3508 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
15:58:54.0793 3508 usbccgp - ok
15:58:54.0804 3508 USBCCID - ok
15:58:54.0849 3508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:58:54.0858 3508 usbcir - ok
15:58:54.0881 3508 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
15:58:54.0889 3508 usbehci - ok
15:58:54.0941 3508 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:58:54.0954 3508 usbhub - ok
15:58:54.0986 3508 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
15:58:54.0992 3508 usbohci - ok
15:58:55.0014 3508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:58:55.0018 3508 usbprint - ok
15:58:55.0058 3508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:58:55.0063 3508 usbscan - ok
15:58:55.0103 3508 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:55.0112 3508 USBSTOR - ok
15:58:55.0131 3508 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:58:55.0135 3508 usbuhci - ok
15:58:55.0153 3508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:58:55.0163 3508 UxSms - ok
15:58:55.0192 3508 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:58:55.0194 3508 VaultSvc - ok
15:58:55.0241 3508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:58:55.0246 3508 vdrvroot - ok
15:58:55.0300 3508 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:58:55.0315 3508 vds - ok
15:58:55.0348 3508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:55.0352 3508 vga - ok
15:58:55.0381 3508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:58:55.0385 3508 VgaSave - ok
15:58:55.0454 3508 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:58:55.0466 3508 vhdmp - ok
15:58:55.0494 3508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:58:55.0498 3508 viaide - ok
15:58:55.0526 3508 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:58:55.0533 3508 volmgr - ok
15:58:55.0576 3508 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:58:55.0591 3508 volmgrx - ok
15:58:55.0622 3508 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:58:55.0637 3508 volsnap - ok
15:58:55.0661 3508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:58:55.0669 3508 vsmraid - ok
15:58:55.0773 3508 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:58:55.0805 3508 VSS - ok
15:58:55.0952 3508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:58:55.0957 3508 vwifibus - ok
15:58:56.0003 3508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:58:56.0009 3508 vwififlt - ok
15:58:56.0049 3508 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:58:56.0053 3508 vwifimp - ok
15:58:56.0104 3508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:58:56.0119 3508 W32Time - ok
15:58:56.0155 3508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:58:56.0160 3508 WacomPen - ok
15:58:56.0204 3508 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:56.0214 3508 WANARP - ok
15:58:56.0224 3508 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:56.0225 3508 Wanarpv6 - ok
15:58:56.0331 3508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:58:56.0369 3508 WatAdminSvc - ok
15:58:56.0469 3508 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:58:56.0498 3508 wbengine - ok
15:58:56.0601 3508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:58:56.0612 3508 WbioSrvc - ok
15:58:56.0663 3508 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
15:58:56.0678 3508 wcncsvc - ok
15:58:56.0702 3508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:58:56.0709 3508 WcsPlugInService - ok
15:58:56.0747 3508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:58:56.0753 3508 Wd - ok
15:58:56.0820 3508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:58:56.0836 3508 Wdf01000 - ok
15:58:56.0868 3508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:58:56.0877 3508 WdiServiceHost - ok
15:58:56.0886 3508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:58:56.0889 3508 WdiSystemHost - ok
15:58:56.0938 3508 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
15:58:56.0951 3508 WebClient - ok
15:58:56.0979 3508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:58:56.0992 3508 Wecsvc - ok
15:58:57.0019 3508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:58:57.0027 3508 wercplsupport - ok
15:58:57.0056 3508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:58:57.0064 3508 WerSvc - ok
15:58:57.0090 3508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:58:57.0093 3508 WfpLwf - ok
15:58:57.0121 3508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:58:57.0126 3508 WIMMount - ok
15:58:57.0203 3508 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:58:57.0221 3508 winachsf - ok
15:58:57.0237 3508 WinHttpAutoProxySvc - ok
15:58:57.0313 3508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:58:57.0327 3508 Winmgmt - ok
15:58:57.0692 3508 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:58:57.0727 3508 WinRM - ok
15:58:57.0970 3508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:58:57.0989 3508 Wlansvc - ok
15:58:58.0045 3508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:58:58.0050 3508 WmiAcpi - ok
15:58:58.0228 3508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:58:58.0237 3508 wmiApSrv - ok
15:58:58.0276 3508 WMPNetworkSvc - ok
15:58:58.0310 3508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:58:58.0316 3508 WPCSvc - ok
15:58:58.0344 3508 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:58:58.0353 3508 WPDBusEnum - ok
15:58:58.0400 3508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:58:58.0404 3508 ws2ifsl - ok
15:58:58.0417 3508 WSearch - ok
15:58:58.0726 3508 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:58:58.0759 3508 wuauserv - ok
15:58:59.0109 3508 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:58:59.0140 3508 WudfPf - ok
15:58:59.0224 3508 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:59.0233 3508 WUDFRd - ok
15:58:59.0286 3508 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:58:59.0298 3508 wudfsvc - ok
15:58:59.0329 3508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:58:59.0348 3508 WwanSvc - ok
15:58:59.0371 3508 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
15:58:59.0375 3508 XAudio - ok
15:58:59.0441 3508 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:58:59.0456 3508 yukonw7 - ok
15:58:59.0503 3508 MBR (0x1B8) (8e916f0ad6909adaca6017cef1d814ee) \Device\Harddisk0\DR0
15:58:59.0896 3508 \Device\Harddisk0\DR0 - ok
15:58:59.0904 3508 Boot (0x1200) (63eb876d41d3dea233da2cf062a078ce) \Device\Harddisk0\DR0\Partition0
15:58:59.0905 3508 \Device\Harddisk0\DR0\Partition0 - ok
15:58:59.0926 3508 Boot (0x1200) (3dad6f712ab71ecb33ee1a5db9334f6f) \Device\Harddisk0\DR0\Partition1
15:58:59.0934 3508 \Device\Harddisk0\DR0\Partition1 - ok
15:58:59.0966 3508 Boot (0x1200) (987f0c907764cb9beca855518ff38b1e) \Device\Harddisk0\DR0\Partition2
15:59:00.0001 3508 \Device\Harddisk0\DR0\Partition2 - ok
15:59:00.0004 3508 ============================================================
15:59:00.0004 3508 Scan finished
15:59:00.0004 3508 ============================================================
15:59:00.0023 3524 Detected object count: 1
15:59:00.0023 3524 Actual detected object count: 1
15:59:48.0487 3524 C:\Windows\system32\mssql$microsoftsmlbiz.dll - copied to quarantine
15:59:48.0489 3524 HKLM\SYSTEM\ControlSet001\services\ELkbd - will be deleted on reboot
15:59:48.0525 3524 HKLM\SYSTEM\ControlSet002\services\ELkbd - will be deleted on reboot
15:59:48.0630 3524 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
15:59:48.0684 3524 C:\Windows\system32\mssql$microsoftsmlbiz.dll - will be deleted on reboot
15:59:48.0684 3524 ELkbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:00:08.0623 3316 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright (c) 2011 AVAST Software
Run date: 2012-06-20 18:05:43
-----------------------------
18:05:43.421 OS Version: Windows x64 6.1.7600
18:05:43.421 Number of processors: 1 586 0x170A
18:05:43.437 ComputerName: HOLLY-PC UserName: Holly
18:05:52.625 Initialize success
18:06:04.528 AVAST engine defs: 12062001
18:06:16.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:06:16.181 Disk 0 Vendor: Hitachi_HTS723225L9A360 FCDOC60D Size: 238475MB BusType: 11
18:06:16.181 Disk 0 MBR read successfully
18:06:16.197 Disk 0 MBR scan
18:06:16.306 Disk 0 unknown MBR code
18:06:16.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:06:16.353 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225663 MB offset 409600
18:06:16.415 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12611 MB offset 462567424
18:06:16.680 Disk 0 scanning C:\Windows\system32\drivers
18:07:26.849 Service scanning
18:09:04.381 Modules scanning
18:09:04.381 Disk 0 trace - called modules:
18:09:04.396 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:09:04.396 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002730060]
18:09:04.396 3 CLASSPNP.SYS[fffff8800112e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002284060]
18:09:13.538 AVAST engine scan C:\Windows
18:09:18.967 AVAST engine scan C:\Windows\system32
18:09:27.516 File: C:\Windows\system32\avcgbfl.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:10:00.728 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
18:16:12.617 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:16:18.373 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
18:19:29.443 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:19:29.567 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
18:19:34.949 AVAST engine scan C:\Windows\system32\drivers
18:19:55.183 AVAST engine scan C:\Users\Holly
18:44:03.442 File: C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\n **INFECTED** Win64:Sirefef-F [Rtk]
18:44:03.630 File: C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\00000001.@ **INFECTED** Win32:Malware-gen
18:44:03.708 File: C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\80000000.@ **INFECTED** Win32:Malware-gen
18:44:03.942 File: C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\800000cb.@ **INFECTED** Win32:Trojan-gen
18:54:19.799 File: C:\Users\Holly\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll **INFECTED** Win32:Malware-gen
19:11:49.712 AVAST engine scan C:\ProgramData
19:18:57.465 Scan finished successfully
19:22:41.903 Disk 0 MBR has been saved successfully to "C:\Users\Holly\Desktop\result\MBR.dat"
19:22:41.918 The log file has been saved successfully to "C:\Users\Holly\Desktop\result\aswMBR.txt"


eset:

C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000064.@ Win64/Sirefef.AC trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

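The three scan logs above (TDSSKiller, aswMBR and ESET) each report in a different format, so it helps to pull the detections into one list and tag the ones that carry the hallmarks of this particular infection: the Desktop.ini files under C:\Windows\assembly\GAC_32 and GAC_64, the U\<8 hex digits>.@ payload files, the {GUID} folder under AppData\Local, the svchost:netsvcs registry value TDSSKiller cured, and the service key it deleted. The Python below is an added example written for this thread, not a tool from the thread or from any of the three vendors. The sample log text is a constructed excerpt of lines copied from the logs above, the three regexes match only the formats shown there, and the indicator labels are names chosen here, not vendor detection names.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the TDSSKiller, aswMBR and ESET logs posted
# in this thread, plus two non-detection lines to show that they are ignored.
SAMPLE_LOG = r"""
15:58:59.0140 3508 WudfPf - ok
15:59:00.0004 3508 Scan finished
15:59:48.0487 3524 C:\Windows\system32\mssql$microsoftsmlbiz.dll - copied to quarantine
15:59:48.0489 3524 HKLM\SYSTEM\ControlSet001\services\ELkbd - will be deleted on reboot
15:59:48.0630 3524 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
15:59:48.0684 3524 ELkbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:10:00.728 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
18:16:12.617 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:19:29.443 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:44:03.442 File: C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\n **INFECTED** Win64:Sirefef-F [Rtk]
C:\Users\Holly\AppData\Local\{19373efe-0217-4ef7-eb0b-a0a55ad8667d}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000064.@ Win64/Sirefef.AC trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
"""

# One regex per log format as it appears in the thread (assumed stable for these versions).
ASWMBR_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} File: (.+?) \*\*INFECTED\*\* (.+)$")
TDSS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.+?) - (.+)$")
ESET_RE = re.compile(r"^(.+?) (?:a variant of )?(Win(?:32|64)/\S+ trojan)(?: (.+))?$")

# Path/registry patterns seen in the logs above; labels are this example's own names.
INDICATORS = [
    ("GAC Desktop.ini", re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I)),
    ("U-store payload", re.compile(r"\\U\\[0-9a-f]{8}\.@$", re.I)),
    ("GUID drop folder", re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\", re.I)),
    ("netsvcs hijack", re.compile(r"\\svchost:netsvcs$", re.I)),
    ("service entry", re.compile(r"^HKLM\\SYSTEM\\ControlSet\d+\\services\\", re.I)),
    ("consrv.dll", re.compile(r"\\system32\\consrv\.dll$", re.I)),
]
FAMILY_RE = re.compile(r"Sirefef|ZAccess", re.I)
# Indicators that are loader/persistence artifacts rather than dropped payload files.
PERSISTENCE = {"GAC Desktop.ini", "consrv.dll", "netsvcs hijack", "service entry"}


@dataclass
class Finding:
    tool: str        # which scanner produced the line
    obj: str         # file path, registry key or service name
    detection: str   # the scanner's verdict and/or action text
    tags: tuple      # indicator labels that matched


def parse_line(line):
    """Parse one log line; return a Finding, or None for non-detection lines."""
    line = line.rstrip()
    if not line:
        return None
    m = ASWMBR_RE.match(line)
    if m:
        tool, obj, det = "aswMBR", m.group(1), m.group(2)
    elif (m := TDSS_RE.match(line)):
        tool, obj, det = "TDSSKiller", m.group(1), m.group(2)
        if det == "ok":          # TDSSKiller lists every clean driver/service as "- ok"
            return None
    elif (m := ESET_RE.match(line)):
        tool, obj = "ESET", m.group(1)
        det = m.group(2) + (" - " + m.group(3) if m.group(3) else "")
    else:
        return None
    tags = tuple(name for name, rx in INDICATORS if rx.search(obj))
    if FAMILY_RE.search(obj + " " + det):
        tags += ("Sirefef/ZeroAccess verdict",)
    return Finding(tool, obj, det, tags)


def triage(log_text):
    """All detections from a log in any of the three formats, in file order."""
    return [f for f in map(parse_line, log_text.splitlines()) if f]


def indicator_counts(findings):
    c = Counter()
    for f in findings:
        c.update(f.tags)
    return dict(c)


def persistence_mechanisms(findings):
    """Sorted list of persistence/loader indicators present in the findings."""
    return sorted({t for f in findings for t in f.tags if t in PERSISTENCE})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.tool:10} {f.obj}\n{'':10} {f.detection}  tags={f.tags}")
    print("persistence artifacts:", persistence_mechanisms(found))
```

Run it as a script to print the tagged findings for the embedded sample, or call triage() on the full text of a saved log. The temp\U\80000032.@ line is the instructive one: aswMBR names it DNSChanger rather than Sirefef, but it sits in the same payload store as the Sirefef-named files, which is why tagging on path patterns as well as on verdict names is worthwhile. persistence_mechanisms() separates the loader and persistence artifacts (the GAC Desktop.ini files, consrv.dll, the netsvcs value and the service key) from the dropped payload files that ESET quarantined.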
#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 June 2012 - 08:58 PM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#15 ddarkstar1
  • Topic Starter

  • Members
  • 76 posts

Posted 20 June 2012 - 09:04 PM

will you be helping me there?

