Audio ads playing in background, hide virus, Google redirect virus


6 replies to this topic

#1 mirz5

Posted 13 July 2012 - 03:14 PM

Hi, first time poster, always have been a lurker and a fan of the site. Anyway, I've seen other threads of this but apparently the help that was given to the user was unique to their computer. I'm on Windows 7 64 bit. Recently (maybe 2-3 days ago) I've been having the Google Redirect problem. I've had this problem on this computer before, but fixed it with system restore. This time around, I guess I waited too long and a day later I got hit with the hide all programs virus, but I fixed that with the unhide.exe from this site. Just yesterday, I started getting ads playing with just audio, and no programs open. These ads play maybe every 30 mins to an hour. Again I've seen threads with the same problem, but I don't want to run programs that aren't meant for my computer or something along the lines. AVG has been giving me error messages of a trojan, from Explorer.exe, but only gives me an option to ignore and not remove the virus. I don't know if these problems go hand in hand, so sorry if it's off topic a little. Thanks for any help/comments in advance!


#2 mirz5

  • Topic Starter

Posted 13 July 2012 - 07:35 PM

Bump, I really just wanna get these audio ads out of here, the other problems aren't so bad

#3 narenxp

  • BC Advisor
Posted 13 July 2012 - 07:42 PM

"Just yesterday, I started getting ads playing with just audio, and no programs open."

Do you have issues launching programs? Does this happen in Safe Mode with Networking?

#4 mirz5

Posted 13 July 2012 - 08:30 PM

I can run programs fine, but Firefox has been going really slow since the ads started coming. Haven't tried it in Safe Mode w/ Networking yet, I'm gonna have to try it first thing when I get home.

#5 narenxp

Posted 13 July 2012 - 09:52 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

Edited by narenxp, 13 July 2012 - 09:52 PM.


#6 mirz5

Posted 14 July 2012 - 02:45 AM

TDSSkiller Log:

23:52:28.0697 78536 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:52:30.0713 78536 ============================================================
23:52:30.0714 78536 Current date / time: 2012/07/13 23:52:30.0713
23:52:30.0714 78536 SystemInfo:
23:52:30.0714 78536
23:52:30.0714 78536 OS Version: 6.1.7600 ServicePack: 0.0
23:52:30.0714 78536 Product type: Workstation
23:52:30.0714 78536 ComputerName: MIRZA-HP
23:52:30.0715 78536 UserName: Mirza
23:52:30.0715 78536 Windows directory: C:\Windows
23:52:30.0715 78536 System windows directory: C:\Windows
23:52:30.0715 78536 Running under WOW64
23:52:30.0715 78536 Processor architecture: Intel x64
23:52:30.0715 78536 Number of processors: 4
23:52:30.0715 78536 Page size: 0x1000
23:52:30.0715 78536 Boot type: Normal boot
23:52:30.0715 78536 ============================================================
23:52:32.0247 78536 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:52:32.0269 78536 ============================================================
23:52:32.0269 78536 \Device\Harddisk0\DR0:
23:52:32.0269 78536 MBR partitions:
23:52:32.0269 78536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:52:32.0269 78536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AAF000
23:52:32.0269 78536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55AE1800, BlocksNum 0x1A64000
23:52:32.0269 78536 ============================================================
23:52:32.0336 78536 C: <-> \Device\Harddisk0\DR0\Partition1
23:52:32.0379 78536 D: <-> \Device\Harddisk0\DR0\Partition2
23:52:32.0379 78536 ============================================================
23:52:32.0379 78536 Initialize success
23:52:32.0379 78536 ============================================================
23:52:57.0058 81068 ============================================================
23:52:57.0058 81068 Scan started
23:52:57.0058 81068 Mode: Manual; TDLFS;
23:52:57.0058 81068 ============================================================
23:53:09.0592 81068 MSiSCSI - ok
23:53:09.0595 81068 msiserver - ok
23:53:09.0609 81068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:53:09.0611 81068 MSKSSRV - ok
23:53:09.0653 81068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:53:09.0656 81068 MSPCLOCK - ok
23:53:09.0661 81068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:53:09.0667 81068 MSPQM - ok
23:53:09.0697 81068 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:53:09.0701 81068 MsRPC - ok
23:53:09.0736 81068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:53:09.0739 81068 mssmbios - ok
23:53:09.0754 81068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:53:09.0756 81068 MSTEE - ok
23:53:09.0772 81068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:53:09.0775 81068 MTConfig - ok
23:53:09.0795 81068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:53:09.0796 81068 Mup - ok
23:53:09.0850 81068 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:53:09.0858 81068 napagent - ok
23:53:09.0893 81068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:53:09.0898 81068 NativeWifiP - ok
23:53:09.0952 81068 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:53:09.0963 81068 NDIS - ok
23:53:09.0970 81068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:53:09.0974 81068 NdisCap - ok
23:53:10.0006 81068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:53:10.0009 81068 NdisTapi - ok
23:53:10.0030 81068 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:53:10.0033 81068 Ndisuio - ok
23:53:10.0049 81068 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:53:10.0053 81068 NdisWan - ok
23:53:10.0064 81068 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:53:10.0067 81068 NDProxy - ok
23:53:10.0075 81068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:53:10.0076 81068 NetBIOS - ok
23:53:10.0095 81068 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:53:10.0099 81068 NetBT - ok
23:53:10.0133 81068 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:53:10.0134 81068 Netlogon - ok
23:53:10.0183 81068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:53:10.0195 81068 Netman - ok
23:53:10.0252 81068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:53:10.0259 81068 netprofm - ok
23:53:10.0337 81068 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:53:10.0343 81068 NetTcpPortSharing - ok
23:53:10.0378 81068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:53:10.0381 81068 nfrd960 - ok
23:53:10.0407 81068 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:53:10.0412 81068 NlaSvc - ok
23:53:10.0424 81068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:53:10.0424 81068 Npfs - ok
23:53:10.0437 81068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:53:10.0440 81068 nsi - ok
23:53:10.0451 81068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:53:10.0454 81068 nsiproxy - ok
23:53:10.0554 81068 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:53:10.0611 81068 Ntfs - ok
23:53:10.0685 81068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:53:10.0687 81068 Null - ok
23:53:10.0716 81068 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:53:10.0720 81068 nvraid - ok
23:53:10.0767 81068 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:53:10.0773 81068 nvstor - ok
23:53:10.0807 81068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:53:10.0813 81068 nv_agp - ok
23:53:10.0832 81068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:53:10.0835 81068 ohci1394 - ok
23:53:10.0918 81068 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:53:10.0925 81068 ose - ok
23:53:11.0262 81068 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:53:11.0361 81068 osppsvc - ok
23:53:11.0441 81068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:53:11.0447 81068 p2pimsvc - ok
23:53:11.0494 81068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:53:11.0500 81068 p2psvc - ok
23:53:11.0524 81068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:53:11.0527 81068 Parport - ok
23:53:11.0558 81068 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:53:11.0561 81068 partmgr - ok
23:53:11.0584 81068 PCANDIS5 - ok
23:53:11.0622 81068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:53:11.0628 81068 PcaSvc - ok
23:53:11.0666 81068 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:53:11.0669 81068 pci - ok
23:53:11.0693 81068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:53:11.0695 81068 pciide - ok
23:53:11.0714 81068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:53:11.0718 81068 pcmcia - ok
23:53:11.0732 81068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:53:11.0733 81068 pcw - ok
23:53:11.0792 81068 pdfcDispatcher - ok
23:53:11.0843 81068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:53:11.0852 81068 PEAUTH - ok
23:53:11.0952 81068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:53:11.0955 81068 PerfHost - ok
23:53:12.0057 81068 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:53:12.0086 81068 pla - ok
23:53:12.0123 81068 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:53:12.0129 81068 PlugPlay - ok
23:53:12.0141 81068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:53:12.0144 81068 PNRPAutoReg - ok
23:53:12.0167 81068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:53:12.0170 81068 PNRPsvc - ok
23:53:12.0216 81068 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:53:12.0222 81068 PolicyAgent - ok
23:53:12.0284 81068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:53:12.0287 81068 Power - ok
23:53:12.0316 81068 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:53:12.0319 81068 PptpMiniport - ok
23:53:12.0350 81068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:53:12.0352 81068 Processor - ok
23:53:12.0393 81068 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
23:53:12.0403 81068 ProfSvc - ok
23:53:12.0441 81068 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:53:12.0444 81068 ProtectedStorage - ok
23:53:12.0506 81068 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:53:12.0510 81068 Psched - ok
23:53:12.0580 81068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:53:12.0608 81068 ql2300 - ok
23:53:12.0730 81068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:53:12.0737 81068 ql40xx - ok
23:53:12.0761 81068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:53:12.0767 81068 QWAVE - ok
23:53:12.0781 81068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:53:12.0784 81068 QWAVEdrv - ok
23:53:12.0813 81068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:53:12.0815 81068 RasAcd - ok
23:53:12.0837 81068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:53:12.0839 81068 RasAgileVpn - ok
23:53:12.0853 81068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:53:12.0857 81068 RasAuto - ok
23:53:12.0871 81068 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:53:12.0875 81068 Rasl2tp - ok
23:53:12.0900 81068 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:53:12.0907 81068 RasMan - ok
23:53:12.0920 81068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:53:12.0923 81068 RasPppoe - ok
23:53:12.0942 81068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:53:12.0944 81068 RasSstp - ok
23:53:12.0964 81068 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:53:12.0967 81068 rdbss - ok
23:53:12.0981 81068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:53:12.0983 81068 rdpbus - ok
23:53:12.0995 81068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:53:12.0997 81068 RDPCDD - ok
23:53:13.0019 81068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:53:13.0021 81068 RDPENCDD - ok
23:53:13.0029 81068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:53:13.0031 81068 RDPREFMP - ok
23:53:13.0069 81068 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
23:53:13.0073 81068 RDPWD - ok
23:53:13.0089 81068 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:53:13.0092 81068 rdyboost - ok
23:53:13.0122 81068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:53:13.0126 81068 RemoteAccess - ok
23:53:13.0137 81068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:53:13.0142 81068 RemoteRegistry - ok
23:53:13.0220 81068 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
23:53:13.0227 81068 RoxioNow Service - ok
23:53:13.0250 81068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:53:13.0254 81068 RpcEptMapper - ok
23:53:13.0283 81068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:53:13.0285 81068 RpcLocator - ok
23:53:13.0311 81068 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:53:13.0315 81068 RpcSs - ok
23:53:13.0355 81068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:53:13.0361 81068 rspndr - ok
23:53:13.0413 81068 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:53:13.0424 81068 RTL8167 - ok
23:53:13.0488 81068 RTL8187B (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
23:53:13.0494 81068 RTL8187B - ok
23:53:13.0539 81068 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:53:13.0543 81068 SamSs - ok
23:53:13.0564 81068 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:53:13.0568 81068 sbp2port - ok
23:53:13.0590 81068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:53:13.0594 81068 SCardSvr - ok
23:53:13.0607 81068 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:53:13.0609 81068 scfilter - ok
23:53:13.0704 81068 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:53:13.0731 81068 Schedule - ok
23:53:13.0767 81068 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
23:53:13.0767 81068 SCMNdisP - ok
23:53:13.0814 81068 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:53:13.0817 81068 SCPolicySvc - ok
23:53:13.0858 81068 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:53:13.0868 81068 SDRSVC - ok
23:53:13.0972 81068 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:53:13.0981 81068 SeaPort - ok
23:53:14.0011 81068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:53:14.0016 81068 secdrv - ok
23:53:14.0033 81068 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:53:14.0040 81068 seclogon - ok
23:53:14.0050 81068 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:53:14.0054 81068 SENS - ok
23:53:14.0067 81068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:53:14.0071 81068 SensrSvc - ok
23:53:14.0098 81068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:53:14.0101 81068 Serenum - ok
23:53:14.0116 81068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:53:14.0119 81068 Serial - ok
23:53:14.0130 81068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:53:14.0133 81068 sermouse - ok
23:53:14.0329 81068 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:53:14.0337 81068 SessionEnv - ok
23:53:14.0362 81068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:53:14.0367 81068 sffdisk - ok
23:53:14.0381 81068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:53:14.0385 81068 sffp_mmc - ok
23:53:14.0402 81068 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:53:14.0404 81068 sffp_sd - ok
23:53:14.0417 81068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:53:14.0419 81068 sfloppy - ok
23:53:14.0472 81068 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:53:14.0482 81068 Sftfs - ok
23:53:14.0561 81068 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:53:14.0578 81068 sftlist - ok
23:53:14.0597 81068 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:53:14.0602 81068 Sftplay - ok
23:53:14.0613 81068 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:53:14.0614 81068 Sftredir - ok
23:53:14.0621 81068 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:53:14.0624 81068 Sftvol - ok
23:53:14.0640 81068 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:53:14.0644 81068 sftvsa - ok
23:53:14.0666 81068 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:53:14.0672 81068 ShellHWDetection - ok
23:53:14.0687 81068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:53:14.0689 81068 SiSRaid2 - ok
23:53:14.0698 81068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:53:14.0700 81068 SiSRaid4 - ok
23:53:14.0772 81068 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:53:14.0774 81068 SkypeUpdate - ok
23:53:14.0804 81068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:53:14.0807 81068 Smb - ok
23:53:14.0836 81068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:53:14.0838 81068 SNMPTRAP - ok
23:53:14.0845 81068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:53:14.0846 81068 spldr - ok
23:53:14.0879 81068 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:53:14.0885 81068 Spooler - ok
23:53:15.0082 81068 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:53:15.0156 81068 sppsvc - ok
23:53:15.0229 81068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:53:15.0233 81068 sppuinotify - ok
23:53:15.0266 81068 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:53:15.0270 81068 srv - ok
23:53:15.0289 81068 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:53:15.0293 81068 srv2 - ok
23:53:15.0323 81068 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:53:15.0325 81068 srvnet - ok
23:53:15.0365 81068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:53:15.0376 81068 SSDPSRV - ok
23:53:15.0389 81068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:53:15.0393 81068 SstpSvc - ok
23:53:15.0407 81068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:53:15.0410 81068 stexstor - ok
23:53:15.0447 81068 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:53:15.0457 81068 stisvc - ok
23:53:15.0491 81068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:53:15.0493 81068 swenum - ok
23:53:15.0524 81068 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:53:15.0532 81068 swprv - ok
23:53:15.0618 81068 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:53:15.0649 81068 SysMain - ok
23:53:15.0714 81068 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:53:15.0717 81068 TabletInputService - ok
23:53:15.0735 81068 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:53:15.0741 81068 TapiSrv - ok
23:53:15.0753 81068 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:53:15.0756 81068 TBS - ok
23:53:15.0976 81068 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
23:53:16.0016 81068 Tcpip - ok
23:53:16.0160 81068 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
23:53:16.0172 81068 TCPIP6 - ok
23:53:16.0219 81068 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:53:16.0221 81068 tcpipreg - ok
23:53:16.0240 81068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:53:16.0242 81068 TDPIPE - ok
23:53:16.0279 81068 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:53:16.0287 81068 TDTCP - ok
23:53:16.0306 81068 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:53:16.0312 81068 tdx - ok
23:53:16.0330 81068 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:53:16.0335 81068 TermDD - ok
23:53:16.0382 81068 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:53:16.0394 81068 TermService - ok
23:53:16.0408 81068 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:53:16.0412 81068 Themes - ok
23:53:16.0446 81068 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:53:16.0448 81068 THREADORDER - ok
23:53:16.0460 81068 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:53:16.0465 81068 TrkWks - ok
23:53:16.0522 81068 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:53:16.0527 81068 TrustedInstaller - ok
23:53:16.0548 81068 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:53:16.0553 81068 tssecsrv - ok
23:53:16.0597 81068 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:53:16.0601 81068 tunnel - ok
23:53:16.0614 81068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:53:16.0617 81068 uagp35 - ok
23:53:16.0642 81068 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:53:16.0648 81068 udfs - ok
23:53:16.0715 81068 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:53:16.0723 81068 UI0Detect - ok
23:53:16.0744 81068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:53:16.0747 81068 uliagpkx - ok
23:53:16.0770 81068 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:53:16.0773 81068 umbus - ok
23:53:16.0794 81068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:53:16.0795 81068 UmPass - ok
23:53:16.0921 81068 Updater Service for StartNow Toolbar (70eb41a4417ba0aa36ae12bf2b4d98f6) C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
23:53:16.0929 81068 Updater Service for StartNow Toolbar - ok
23:53:16.0959 81068 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:53:16.0967 81068 upnphost - ok
23:53:17.0035 81068 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:53:17.0046 81068 USBAAPL64 - ok
23:53:17.0091 81068 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:53:17.0095 81068 usbccgp - ok
23:53:17.0112 81068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:53:17.0115 81068 usbcir - ok
23:53:17.0148 81068 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:53:17.0151 81068 usbehci - ok
23:53:17.0176 81068 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
23:53:17.0179 81068 usbfilter - ok
23:53:17.0211 81068 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:53:17.0216 81068 usbhub - ok
23:53:17.0226 81068 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:53:17.0229 81068 usbohci - ok
23:53:17.0241 81068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:53:17.0244 81068 usbprint - ok
23:53:17.0264 81068 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:53:17.0267 81068 USBSTOR - ok
23:53:17.0279 81068 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:53:17.0281 81068 usbuhci - ok
23:53:17.0299 81068 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:53:17.0302 81068 UxSms - ok
23:53:17.0353 81068 V0250Dev (d1022b4ce46d257aa2d3492d4ea1244b) C:\Windows\system32\DRIVERS\V0250Dev.sys
23:53:17.0356 81068 V0250Dev - ok
23:53:17.0370 81068 V0250Vfx (8b97dcd5d0c379696bc9dc74c7a23cc1) C:\Windows\system32\DRIVERS\V0250Vfx.sys
23:53:17.0372 81068 V0250Vfx - ok
23:53:17.0409 81068 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:53:17.0410 81068 VaultSvc - ok
23:53:17.0424 81068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:53:17.0425 81068 vdrvroot - ok
23:53:17.0454 81068 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:53:17.0462 81068 vds - ok
23:53:17.0487 81068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:53:17.0489 81068 vga - ok
23:53:17.0502 81068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:53:17.0504 81068 VgaSave - ok
23:53:17.0521 81068 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:53:17.0525 81068 vhdmp - ok
23:53:17.0550 81068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:53:17.0552 81068 viaide - ok
23:53:17.0573 81068 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:53:17.0574 81068 volmgr - ok
23:53:17.0594 81068 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:53:17.0597 81068 volmgrx - ok
23:53:17.0620 81068 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:53:17.0624 81068 volsnap - ok
23:53:17.0664 81068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:53:17.0667 81068 vsmraid - ok
23:53:17.0734 81068 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:53:17.0807 81068 VSS - ok
23:53:17.0914 81068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:53:17.0919 81068 vwifibus - ok
23:53:17.0942 81068 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:53:17.0945 81068 vwififlt - ok
23:53:17.0966 81068 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:53:17.0969 81068 vwifimp - ok
23:53:18.0008 81068 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:53:18.0016 81068 W32Time - ok
23:53:18.0033 81068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:53:18.0036 81068 WacomPen - ok
23:53:18.0068 81068 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:53:18.0071 81068 WANARP - ok
23:53:18.0075 81068 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:53:18.0077 81068 Wanarpv6 - ok
23:53:18.0202 81068 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:53:18.0236 81068 WatAdminSvc - ok
23:53:18.0312 81068 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:53:18.0343 81068 wbengine - ok
23:53:18.0400 81068 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:53:18.0406 81068 WbioSrvc - ok
23:53:18.0457 81068 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:53:18.0471 81068 wcncsvc - ok
23:53:18.0509 81068 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:53:18.0518 81068 WcsPlugInService - ok
23:53:18.0543 81068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:53:18.0548 81068 Wd - ok
23:53:18.0594 81068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:53:18.0601 81068 Wdf01000 - ok
23:53:18.0620 81068 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:53:18.0625 81068 WdiServiceHost - ok
23:53:18.0629 81068 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:53:18.0632 81068 WdiSystemHost - ok
23:53:18.0675 81068 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:53:18.0682 81068 WebClient - ok
23:53:18.0697 81068 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:53:18.0702 81068 Wecsvc - ok
23:53:18.0745 81068 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:53:18.0748 81068 wercplsupport - ok
23:53:18.0774 81068 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:53:18.0777 81068 WerSvc - ok
23:53:18.0804 81068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:53:18.0806 81068 WfpLwf - ok
23:53:18.0820 81068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:53:18.0822 81068 WIMMount - ok
23:53:18.0855 81068 WinHttpAutoProxySvc - ok
23:53:18.0950 81068 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:53:18.0958 81068 Winmgmt - ok
23:53:19.0099 81068 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:53:19.0159 81068 WinRM - ok
23:53:19.0270 81068 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:53:19.0275 81068 WinUsb - ok
23:53:19.0487 81068 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:53:19.0536 81068 Wlansvc - ok
23:53:19.0770 81068 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:53:19.0817 81068 wlidsvc - ok
23:53:19.0914 81068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:53:19.0916 81068 WmiAcpi - ok
23:53:19.0942 81068 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:53:19.0946 81068 wmiApSrv - ok
23:53:19.0974 81068 WMPNetworkSvc - ok
23:53:19.0991 81068 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:53:20.0000 81068 WPCSvc - ok
23:53:20.0018 81068 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:53:20.0028 81068 WPDBusEnum - ok
23:53:20.0047 81068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:53:20.0050 81068 ws2ifsl - ok
23:53:20.0053 81068 WSearch - ok
23:53:20.0143 81068 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
23:53:20.0152 81068 WSWNA1100 - ok
23:53:20.0288 81068 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:53:20.0332 81068 wuauserv - ok
23:53:20.0393 81068 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:53:20.0396 81068 WudfPf - ok
23:53:20.0427 81068 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:53:20.0435 81068 WUDFRd - ok
23:53:20.0451 81068 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:53:20.0459 81068 wudfsvc - ok
23:53:20.0481 81068 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:53:20.0488 81068 WwanSvc - ok
23:53:20.0543 81068 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
23:53:20.0568 81068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:53:20.0568 81068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:53:20.0617 81068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:53:20.0617 81068 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:53:20.0641 81068 Boot (0x1200) (fa71b9045400538f711edfdb8b612ae5) \Device\Harddisk0\DR0\Partition0
23:53:20.0643 81068 \Device\Harddisk0\DR0\Partition0 - ok
23:53:20.0651 81068 Boot (0x1200) (804e20028b5cb1e2caf452fee4816788) \Device\Harddisk0\DR0\Partition1
23:53:20.0653 81068 \Device\Harddisk0\DR0\Partition1 - ok
23:53:20.0683 81068 Boot (0x1200) (5879efd110404aa15293a094fcb19b20) \Device\Harddisk0\DR0\Partition2
23:53:20.0685 81068 \Device\Harddisk0\DR0\Partition2 - ok
23:53:20.0686 81068 ============================================================
23:53:20.0686 81068 Scan finished
23:53:20.0686 81068 ============================================================
23:53:20.0698 81060 Detected object count: 2
23:53:20.0698 81060 Actual detected object count: 2
23:53:58.0090 81060 \Device\Harddisk0\DR0\# - copied to quarantine
23:53:58.0091 81060 \Device\Harddisk0\DR0 - copied to quarantine
23:53:58.0122 81060 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:53:58.0123 81060 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:53:58.0125 81060 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:53:58.0127 81060 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:53:58.0129 81060 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:53:58.0142 81060 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:53:58.0150 81060 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:53:58.0161 81060 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:53:58.0164 81060 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:53:58.0189 81060 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:53:58.0195 81060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:53:58.0196 81060 \Device\Harddisk0\DR0 - ok
23:53:58.0690 81060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:53:58.0696 81060 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:53:58.0699 81060 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:53:58.0703 81060 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:53:58.0708 81060 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:53:58.0710 81060 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:53:58.0723 81060 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:53:58.0732 81060 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:53:58.0743 81060 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:53:58.0746 81060 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:53:58.0747 81060 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:53:58.0747 81060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
00:00:09.0913 79344 Deinitialize success

aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 23:56:37
-----------------------------
23:56:37.788 OS Version: Windows x64 6.1.7600
23:56:37.788 Number of processors: 4 586 0x503
23:56:37.789 ComputerName: MIRZA-HP UserName: Mirza
23:56:41.874 Initialize success
23:57:32.193 AVAST engine defs: 12071301
23:57:44.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
23:57:44.002 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
23:57:44.004 Device \Driver\amd_sata -> MajorFunction fffffa8005a4b5c4
23:57:44.006 Disk 0 MBR read successfully
23:57:44.008 Disk 0 MBR scan
23:57:44.012 Disk 0 unknown MBR code
23:57:44.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:57:44.035 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 701790 MB offset 206848
23:57:44.059 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13512 MB offset 1437472768
23:57:44.094 Disk 0 scanning C:\Windows\system32\drivers
23:57:55.321 Service scanning
23:58:14.042 Modules scanning
23:58:14.060 Disk 0 trace - called modules:
23:58:14.073 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa8007bf90b0]<<35302522.sys >>UNKNOWN [0xfffffa8005a4b5c4]<<
23:58:14.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800530b790]
23:58:14.084 3 CLASSPNP.SYS[fffff8800188943f] -> nt!IofCallDriver -> [0xfffffa80051beac0]
23:58:14.090 5 amd_xata.sys[fffff88000e638b4] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80051b99c0]
23:58:14.096 \Driver\amd_sata[0xfffffa80059cad80] -> IRP_MJ_CREATE -> 0xfffffa8005a4b5c4
23:58:17.126 AVAST engine scan C:\Windows
23:58:20.853 AVAST engine scan C:\Windows\system32
00:00:03.703 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:00:05.819 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:01:46.450 AVAST engine scan C:\Windows\system32\drivers
00:02:25.806 AVAST engine scan C:\Users\Mirza
00:09:20.160 File: C:\Users\Mirza\AppData\Local\Temp\DEB8.tmp **INFECTED** Win32:Downloader-MNA [Trj]
00:09:31.880 File: C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\jpti52u.chv **INFECTED** Win32:MalOb-HO [Cryp]
00:09:31.918 File: C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\lt3p41o.jpm **INFECTED** Win32:MalOb-HO [Cryp]
00:09:31.947 File: C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\rxyuuen.uff **INFECTED** Win32:MalOb-HO [Cryp]
00:09:31.992 File: C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\vuimfqb.apx **INFECTED** Win32:MalOb-HO [Cryp]
00:09:32.729 File: C:\Users\Mirza\AppData\Local\Temp\p9pl5711040542328071615.tmp **INFECTED** Win32:MalOb-IK [Cryp]
00:15:07.105 AVAST engine scan C:\ProgramData
00:22:22.128 Scan finished successfully
01:16:17.305 Disk 0 MBR has been saved successfully to "C:\Users\Mirza\Documents\MBR.dat"
01:16:17.313 The log file has been saved successfully to "C:\Users\Mirza\Documents\aswMBR.txt"

ESET logs:

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.07.2012_23.52.30\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\ArcSoft\Apple Computer\weihnhbw.dll a variant of Win32/Kryptik.AIGL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Mirza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HT4K63H5\JDownloaderSetup_CH5[1].exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\0.08261320955725215 a variant of Win32/Kryptik.AIGL trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\0.47395476415386195 a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\DEB8.tmp Win32/Olmarik.AXW trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\jar_cache3517343792826382880.tmp multiple threats deleted - quarantined
C:\Users\Mirza\AppData\Local\Temp\JDownloaderSetup.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\NOD4A54.tmp Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\Users\Mirza\AppData\Local\Temp\NODDDD7.tmp a variant of Win32/Kryptik.AIGL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Mirza\AppData\Local\Temp\p9pl5711040542328071615.tmp Win32/Olmarik.AXW trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\slp4292166121815275670.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\ICReinstall\cnet2_m-ipod-to-pc-transfer-for-win-cnet_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\is1070216317\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\jpti52u.chv Win32/Boaxxe.A trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\lt3p41o.jpm Win32/BHO.NZK trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\rxyuuen.uff Win32/TrojanDownloader.Tracur.I trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\Local\Temp\nscF9F2.tmp\vuimfqb.apx a variant of Win32/Kryptik.XJT trojan cleaned by deleting - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-34273e37 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-2b748453 multiple threats deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-6082301f a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-7c1cc2a8 multiple threats deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-4cdef7d2 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-12b825cd a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\40476e39-4be60283 Java/Exploit.Agent.NBG trojan deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-1404fa95 multiple threats deleted - quarantined
C:\Users\Mirza\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\139f3c7-5b434010 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\extensions\cvtpmpyoqh@cvtpmpyoqh.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\Mirza\Downloads\cnet2_m-ipod-to-pc-transfer-for-win-cnet_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Mirza\Downloads\SoftonicDownloader_for_anapod-explorer.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OKNKEQ2\fpi[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MROFV6O2\the-cat-in-the-box[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OTQMGBJ2\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USY1CCH8\fpi[4].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXNQJEL9\fpi[6].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\40b3013f-284325c1 Java/Exploit.Blacole.AN trojan deleted - quarantined
C:\Windows\Temp\avg-1ce4f60b-9681-4657-9886-6c116b7d6f00.tmp a variant of Win32/Kryptik.ACTC trojan cleaned by deleting - quarantined
C:\Windows\Temp\avg-22063d4f-c5c5-453e-a79d-082c74295232.tmp a variant of Win32/Kryptik.ACTC trojan cleaned by deleting - quarantined
C:\Windows\Temp\avg-4624bd6b-2eaf-4616-af79-603e0aebfe4c.tmp a variant of Win32/Kryptik.ACTQ trojan cleaned by deleting - quarantined
C:\Windows\Temp\avg-756e7254-d66a-4130-beb9-bd3573c18028.tmp a variant of Win32/Kryptik.ACTC trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache1304434059335006417.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache1454975280740211027.tmp multiple threats deleted - quarantined
C:\Windows\Temp\jar_cache1907860760347008213.tmp multiple threats deleted - quarantined
C:\Windows\Temp\jar_cache2083778330013451617.tmp multiple threats deleted - quarantined
C:\Windows\Temp\jar_cache266843358393382567.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan deleted - quarantined
C:\Windows\Temp\jar_cache3503844925288975841.tmp a variant of Java/Exploit.CVE-2012-0507.B trojan deleted - quarantined
C:\Windows\Temp\jar_cache4379925194694285788.tmp Java/Exploit.CVE-2012-0507.D trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache4830383532637887729.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Windows\Temp\jar_cache5966977632700809670.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache5972486438269571095.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache6007653773344093909.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache6933634698364089776.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache7423249312177691364.tmp Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\Windows\Temp\jar_cache7667855356392312422.tmp a variant of Java/TrojanDownloader.OpenStream.NCD trojan deleted - quarantined
C:\Windows\Temp\jar_cache7717136879725000126.tmp Java/Exploit.CVE-2012-0507.D trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache7889852886715647569.tmp Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\Windows\Temp\jar_cache8135935423761725424.tmp probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan deleted - quarantined
C:\Windows\Temp\jar_cache8304990782634750348.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Windows\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
C:\Windows\Temp\ToolbarUpdate.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
Operating memory multiple threats

#7 narenxp

Posted 14 July 2012 - 04:44 AM

We need advanced tools here

Read the guide on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 14 July 2012 - 04:45 AM.




