
c:\Windows\svchost.exe (Trojan.Agent)


  • This topic is locked
16 replies to this topic

#1 siu

    New Member

  • Members
  • 11 posts

Posted 30 January 2012 - 10:35 PM

  • DDS.txt
  • Attach.txt
The files are below, thank you for helping out.

#2 siu

Posted 30 January 2012 - 11:27 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Kaleb at 19:24:23 on 2012-01-30
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.6125.4408 [GMT -8:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\Kaleb\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B5E2928-3CE9-4218-B31A-B947B4325E55} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\146716471627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\1496272344164716 : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\6596F6C65647374557265637D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\95F67696E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\D494B45454C46413 : DhcpNameServer = 192.168.2.1
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kaleb\AppData\Roaming\Mozilla\Firefox\Profiles\vey3cn9p.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-21 1157240]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120128.002\IDSviA64.sys [2012-1-30 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-29 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-30 652872]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-11-9 130008]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
S2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
S2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
S2 UCManSvc;UCManSvc;C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [2010-3-12 241808]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-8-10 575856]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-8-10 836608]
S2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
S3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-9 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-8-10 1250160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-8-10 252416]
.
=============== Created Last 30 ================
.
2012-01-31 02:48:46 20480 ----a-w- C:\Windows\svchost.exe
2012-01-30 08:05:24 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-30 08:04:20 -------- d-----w- C:\ProgramData\SUPERSetup
2012-01-29 19:05:12 -------- d-----w- C:\Users\Kaleb\AppData\Roaming\Malwarebytes
2012-01-29 19:05:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-29 19:05:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-29 18:57:17 -------- d-----w- C:\Users\Kaleb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-29 18:57:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-29 18:57:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-29 18:44:49 -------- d--h--w- C:\ProgramData\Common Files
2012-01-29 18:44:26 -------- d-----w- C:\ProgramData\MFAData
2012-01-29 05:26:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\80DD.tmp
2012-01-29 05:26:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\80DC.tmp
2012-01-14 02:47:50 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-14 02:47:50 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 02:47:50 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 02:47:50 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-02 09:20:26 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-20 08:00:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-10 02:08:59 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-05 08:47:42 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-11-05 08:47:42 480720 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-11-05 08:47:42 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-11-05 08:47:42 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-11-05 08:47:40 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-11-05 08:47:40 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-05 08:47:40 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-11-05 08:47:40 456144 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-11-05 08:47:40 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-11-05 08:47:40 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-11-05 08:47:40 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-11-05 08:47:40 103888 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2006-05-03 19:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 20:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 22:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 19:24:48.97 ===============

#3 siu

Posted 01 February 2012 - 02:26 PM

When I try to delete svchost.exe (Trojan.Agent) with Malwarebytes, whenever my computer restarts this trojan comes back, causing my computer to have a blue screen. Right now I can only be in safe mode without having this trojan blue screen my computer. I was wondering when I should receive a reply?

#4 siu

Posted 02 February 2012 - 04:34 PM

Is anyone free to help me?

#5 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 04 February 2012 - 07:36 AM


Logs will be closed if you haven't replied within 3 days. Please don't attach the scans / logs from these scans, use "copy/paste".

Sorry about the delay in responding :( We look for posts with 0 replies, so when you replied to your own topic, we assumed you were being helped.


Next:
Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Product Support


#6 siu

Posted 04 February 2012 - 09:24 AM

06:16:49.0115 1252 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
06:16:49.0583 1252 ============================================================
06:16:49.0583 1252 Current date / time: 2012/02/04 06:16:49.0583
06:16:49.0583 1252 SystemInfo:
06:16:49.0583 1252
06:16:49.0583 1252 OS Version: 6.1.7600 ServicePack: 0.0
06:16:49.0583 1252 Product type: Workstation
06:16:49.0583 1252 ComputerName: KALEB-VAIO
06:16:49.0583 1252 UserName: Kaleb
06:16:49.0583 1252 Windows directory: C:\Windows
06:16:49.0583 1252 System windows directory: C:\Windows
06:16:49.0583 1252 Running under WOW64
06:16:49.0583 1252 Processor architecture: Intel x64
06:16:49.0583 1252 Number of processors: 8
06:16:49.0583 1252 Page size: 0x1000
06:16:49.0583 1252 Boot type: Safe boot with network
06:16:49.0583 1252 ============================================================
06:16:50.0145 1252 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:16:50.0160 1252 \Device\Harddisk0\DR0:
06:16:50.0160 1252 MBR used
06:16:50.0160 1252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1416000, BlocksNum 0x32000
06:16:50.0160 1252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1448000, BlocksNum 0x4940FAB0
06:16:50.0192 1252 Initialize success
06:16:50.0192 1252 ============================================================
06:17:23.0888 1296 ============================================================
06:17:23.0888 1296 Scan started
06:17:23.0888 1296 Mode: Manual; SigCheck; TDLFS;
06:17:23.0888 1296 ============================================================
06:17:24.0933 1296 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
06:17:25.0042 1296 1394ohci - ok
06:17:25.0151 1296 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
06:17:25.0167 1296 ACPI - ok
06:17:25.0214 1296 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
06:17:25.0323 1296 AcpiPmi - ok
06:17:25.0463 1296 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
06:17:45.0057 1296 WIMMount - ok
06:17:45.0151 1296 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
06:17:45.0182 1296 WinUsb - ok
06:17:45.0229 1296 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
06:17:45.0229 1296 WmBEnum - ok
06:17:45.0275 1296 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
06:17:45.0275 1296 WmFilter - ok
06:17:45.0307 1296 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
06:17:45.0322 1296 WmiAcpi - ok
06:17:45.0369 1296 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
06:17:45.0369 1296 WmVirHid - ok
06:17:45.0385 1296 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
06:17:45.0385 1296 WmXlCore - ok
06:17:45.0463 1296 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
06:17:45.0494 1296 ws2ifsl - ok
06:17:45.0572 1296 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
06:17:45.0619 1296 WudfPf - ok
06:17:45.0650 1296 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:17:45.0697 1296 WUDFRd - ok
06:17:45.0806 1296 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
06:17:45.0853 1296 xnacc - ok
06:17:45.0899 1296 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
06:17:45.0899 1296 yukonw7 - ok
06:17:45.0931 1296 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
06:17:45.0962 1296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
06:17:45.0962 1296 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
06:17:45.0993 1296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:17:45.0993 1296 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:17:46.0009 1296 Boot (0x1200) (3219a0267e3b4c84a32621fcee4af897) \Device\Harddisk0\DR0\Partition0
06:17:46.0009 1296 \Device\Harddisk0\DR0\Partition0 - ok
06:17:46.0024 1296 Boot (0x1200) (81d42fc928afd12c3d83e0d07d25cc82) \Device\Harddisk0\DR0\Partition1
06:17:46.0024 1296 \Device\Harddisk0\DR0\Partition1 - ok
06:17:46.0024 1296 ============================================================
06:17:46.0024 1296 Scan finished
06:17:46.0024 1296 ============================================================
06:17:46.0040 1336 Detected object count: 2
06:17:46.0040 1336 Actual detected object count: 2
06:19:26.0442 1336 \Device\Harddisk0\DR0\# - copied to quarantine
06:19:26.0442 1336 \Device\Harddisk0\DR0 - copied to quarantine
06:19:26.0473 1336 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
06:19:26.0473 1336 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
06:19:26.0473 1336 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
06:19:26.0488 1336 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
06:19:26.0520 1336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
06:19:26.0520 1336 \Device\Harddisk0\DR0 - ok
06:19:26.0520 1336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
06:19:26.0520 1336 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:19:26.0520 1336 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:19:44.0272 1224 Deinitialize success

#7 LDTate

Posted 04 February 2012 - 03:02 PM

Please run a new MBAM scan, being sure to update before scanning.
Post the scan results.
Also, please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".
Larry Tate
Product Support

Follow us: Twitter, Become a fan: Facebook

#8 siu

Posted 04 February 2012 - 03:53 PM

My computer is currently in safe mode with networking. In normal mode the computer has a blue screen and restarts. In safe mode there is no issue with the blue screen. On my Windows Task Manager there are 8 processes of svchost.exe.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.03

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Kaleb :: KALEB-VAIO [administrator]

Protection: Disabled

2012/02/04 12:06:42
mbam-log-2012-02-04 (12-52-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371515
Time elapsed: 45 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#9 LDTate

Posted 04 February 2012 - 04:02 PM

Open Malwarebytes > click on More Tools > run File ASSASSIN by clicking Run Tool
Select the File you want to delete.
C:\Windows\svchost.exe <--NOTE: ONLY from this location
Larry Tate
Product Support

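An added check, not part of the thread and not Malwarebytes' tooling, that applies the point above (and the earlier remark that eight svchost.exe processes were running) from the defender's side: several svchost.exe instances are normal on Windows, so what matters is where each one was loaded from, who started it, and how. It assumes a Windows host and an elevated PowerShell session; the `$legitPaths` list and the heuristics are the example's own.

```powershell
# Added example, not from the thread. Assumes Windows and an elevated PowerShell
# session (otherwise ExecutablePath is empty for some processes).
# Legitimate svchost.exe lives only in System32 (and SysWOW64 on 64-bit
# Windows); it is started by services.exe with a "-k <group>" argument.
$legitPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map PID -> process name once so parent lookups stay cheap.
$byPid = @{}
Get-CimInstance Win32_Process | ForEach-Object { $byPid[$_.ProcessId] = $_.Name }

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath
    $parent = $byPid[$_.ParentProcessId]
    $flags  = @()

    if (-not $path) {
        $flags += 'path unreadable (run elevated)'
    } elseif ($legitPaths -notcontains $path) {   # string compare is case-insensitive
        $flags += "image outside System32/SysWOW64: $path"
    }
    if ($_.CommandLine -notmatch '\s-k\s') { $flags += 'no "-k <group>" argument' }
    if ($parent -ne 'services.exe')       { $flags += "parent is '$parent', not services.exe" }

    [pscustomobject]@{
        PID     = $_.ProcessId
        Parent  = $parent
        Path    = $path
        Verdict = if ($flags) { 'REVIEW: ' + ($flags -join '; ') } else { 'expected' }
    }
} | Format-Table -AutoSize -Wrap
```

A file at C:\Windows\svchost.exe, as reported by MBAM in this thread, would show up here with a "REVIEW" verdict, while the usual System32 instances report "expected".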

#10 siu

Posted 04 February 2012 - 04:11 PM

OK, I ran File ASSASSIN and deleted C:\Windows\svchost.exe

#11 LDTate

Posted 04 February 2012 - 04:12 PM

Run a new MBAM scan and let me know how it's running.
Larry Tate
Product Support


#12 siu

Posted 04 February 2012 - 05:19 PM

Everything seems to be OK so far. The MBAM scan shows no malware found. I am now in normal mode. I heard that Java ™ 6 Update 26 is a P2P; should I delete it? It was after I updated Java that the problem started.

#13 LDTate

Posted 05 February 2012 - 08:09 AM

For JAVA,

Java updates:
http://www.java.com/...load/manual.jsp


Remove old

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7
  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good :D


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.


  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.


    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware:


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.




Larry Tate
Product Support


#14 siu

Posted 05 February 2012 - 01:02 PM

Thank you for taking your time to help me :)

#15 siu

Posted 05 February 2012 - 01:02 PM

Thank you for taking your time to help me :)



#16 LDTate

Posted 05 February 2012 - 06:35 PM

You're more than welcome.
Glad we were able to help.

Peace be with you
Larry Tate
Product Support


#17 LDTate

Posted 05 February 2012 - 06:36 PM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support
