
Malware constantly sending outbound requests to 178.238.233.156


ctang


Hello,

Malwarebytes has been popping up notifications that it has blocked outbound access to a potentially malicious website: 178.238.233.156. Sometimes it tries to go to: 141.136.16.78

Port is 40256, Process: svchost.exe

Can you help me remove this virus?

Please find attached the dds.txt and attach.txt files.

Much appreciated.

Connie

DDS.txt

Attach.txt


Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

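The TDSSKiller log that the steps above ask for is plain text, one event per line, in the layout visible in the log posted later in this thread: a timestamp, the scanning thread's id, then either "name (md5) path" for a driver the tool hashed, or "name - verdict" for its verdict on that driver. The following Python script is added here as an example; it is not part of this thread and not TDSSKiller's own code. It parses that layout and flags every driver whose verdict is anything other than "ok", including drivers that got no verdict at all, which is what an interrupted or truncated log looks like, and groups service names by hash so each hash only has to be looked up once. The sample log embedded in it is constructed for the example: the banner, OS, drive, 1394ohci and Tcpip/TCPIP6 lines mirror the posted log, while the "exampledrv" and "truncdrv" entries and their verdict text are invented placeholders, not real detections. The function and class names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.7.x log layout shown in this thread.
# The 'exampledrv' and 'truncdrv' lines and their verdict text are invented
# placeholders for the example; the other lines mirror the posted log.
SAMPLE_LOG = r"""
10:47:16.0467 19724 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
10:47:18.0469 19724 OS Version: 6.1.7600 ServicePack: 0.0
10:47:19.0144 19724 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
10:47:56.0840 4332 Scan started
10:47:58.0908 4332 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
10:47:58.0970 4332 1394ohci - ok
10:48:08.0774 4332 mfeavfk01 - ok
10:48:14.0884 4332 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
10:48:15.0083 4332 Tcpip - ok
10:48:15.0202 4332 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
10:48:15.0221 4332 TCPIP6 - ok
10:48:20.0000 4332 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
10:48:20.0010 4332 exampledrv - detected Rootkit.Example (constructed verdict)
10:48:21.0000 4332 truncdrv (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\truncdrv.sys
"""

# Every scan line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "name (md5) path": the driver was found and hashed.
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "name - verdict": the tool's conclusion for that driver ("ok" is the normal case).
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) - (?P<verdict>.+?)\s*$")


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # None when the tool listed no file (e.g. mfeavfk01)
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the log ends before a verdict was printed


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Map driver name -> entry. Banner, OS and drive lines match neither shape and are skipped."""
    entries: Dict[str, DriverEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = DriverEntry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict can arrive without a preceding file line, so create on demand.
            entry = entries.setdefault(m["name"], DriverEntry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def flag_for_review(entries: Dict[str, DriverEntry]) -> Dict[str, Optional[str]]:
    """Drivers an analyst should look at: any verdict other than 'ok', and any
    entry with no verdict at all (the scan never reported on it, e.g. truncated log)."""
    return {name: e.verdict for name, e in entries.items() if e.verdict != "ok"}


def hash_index(entries: Dict[str, DriverEntry]) -> Dict[str, List[str]]:
    """Group service names by recorded MD5 so each hash is looked up once; Tcpip and
    TCPIP6 legitimately share tcpip.sys and therefore the same hash."""
    index: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            index.setdefault(e.md5, []).append(e.name)
    return index


def report(text: str) -> str:
    """Human-readable triage summary for a pasted log."""
    entries = parse_tdsskiller_log(text)
    flagged = flag_for_review(entries)
    lines = [f"{len(entries)} drivers parsed, {len(flagged)} need review"]
    for name, verdict in sorted(flagged.items()):
        e = entries[name]
        lines.append(f"  {name}: {verdict or 'NO VERDICT (log truncated?)'}  md5={e.md5} path={e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a pasted log by reading the file into `report()`; a driver that appears in the hash index but whose name you do not recognise is worth looking up by hash before asking about it in the thread, and a log whose last driver has no verdict was cut off and should be re-posted whole.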

Hello Elise,

Ran TDSSKiller as instructed, here is the log file. Do I still have to download ComboFix?

10:47:16.0467 19724 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

10:47:18.0469 19724 ============================================================

10:47:18.0469 19724 Current date / time: 2012/02/11 10:47:18.0469

10:47:18.0469 19724 SystemInfo:

10:47:18.0469 19724

10:47:18.0469 19724 OS Version: 6.1.7600 ServicePack: 0.0

10:47:18.0469 19724 Product type: Workstation

10:47:18.0469 19724 ComputerName: MOM_DAD-PC

10:47:18.0469 19724 UserName: Connie

10:47:18.0469 19724 Windows directory: C:\Windows

10:47:18.0469 19724 System windows directory: C:\Windows

10:47:18.0469 19724 Running under WOW64

10:47:18.0469 19724 Processor architecture: Intel x64

10:47:18.0469 19724 Number of processors: 4

10:47:18.0469 19724 Page size: 0x1000

10:47:18.0469 19724 Boot type: Normal boot

10:47:18.0469 19724 ============================================================

10:47:19.0144 19724 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:47:19.0150 19724 \Device\Harddisk0\DR0:

10:47:19.0150 19724 MBR used

10:47:19.0151 19724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000

10:47:19.0151 19724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3

10:47:19.0220 19724 Initialize success

10:47:19.0220 19724 ============================================================

10:47:56.0840 4332 ============================================================

10:47:56.0840 4332 Scan started

10:47:56.0840 4332 Mode: Manual;

10:47:56.0840 4332 ============================================================

10:47:58.0908 4332 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys

10:47:58.0970 4332 1394ohci - ok

10:47:59.0023 4332 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys

10:47:59.0030 4332 ACPI - ok

10:47:59.0120 4332 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

10:47:59.0126 4332 AcpiPmi - ok

10:47:59.0176 4332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:47:59.0196 4332 adp94xx - ok

10:47:59.0296 4332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:47:59.0315 4332 adpahci - ok

10:47:59.0331 4332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:47:59.0338 4332 adpu320 - ok

10:47:59.0417 4332 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

10:47:59.0427 4332 AFD - ok

10:47:59.0469 4332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

10:47:59.0477 4332 agp440 - ok

10:47:59.0667 4332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

10:47:59.0675 4332 aliide - ok

10:47:59.0747 4332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

10:47:59.0758 4332 amdide - ok

10:47:59.0811 4332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:47:59.0818 4332 AmdK8 - ok

10:47:59.0832 4332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:47:59.0839 4332 AmdPPM - ok

10:47:59.0898 4332 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

10:47:59.0953 4332 amdsata - ok

10:48:00.0025 4332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:48:00.0038 4332 amdsbs - ok

10:48:00.0060 4332 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

10:48:00.0122 4332 amdxata - ok

10:48:00.0177 4332 androidusb (27466e519371c6fc3a39b1f7b8a297fc) C:\Windows\system32\Drivers\ssadadb.sys

10:48:00.0228 4332 androidusb - ok

10:48:00.0304 4332 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

10:48:00.0315 4332 AppID - ok

10:48:00.0402 4332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:48:00.0408 4332 arc - ok

10:48:00.0441 4332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:48:00.0453 4332 arcsas - ok

10:48:00.0493 4332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:48:00.0502 4332 AsyncMac - ok

10:48:00.0606 4332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

10:48:00.0612 4332 atapi - ok

10:48:00.0750 4332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:48:00.0768 4332 b06bdrv - ok

10:48:00.0855 4332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:48:00.0869 4332 b57nd60a - ok

10:48:01.0089 4332 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:48:01.0272 4332 BCM43XX - ok

10:48:01.0355 4332 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

10:48:01.0415 4332 BcmVWL - ok

10:48:01.0466 4332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:48:01.0474 4332 Beep - ok

10:48:01.0554 4332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:48:01.0564 4332 blbdrive - ok

10:48:01.0680 4332 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

10:48:01.0726 4332 bowser - ok

10:48:01.0780 4332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:48:01.0790 4332 BrFiltLo - ok

10:48:01.0820 4332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:48:01.0825 4332 BrFiltUp - ok

10:48:01.0873 4332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:48:01.0882 4332 Brserid - ok

10:48:01.0892 4332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:48:01.0897 4332 BrSerWdm - ok

10:48:01.0908 4332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:48:01.0912 4332 BrUsbMdm - ok

10:48:01.0921 4332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:48:01.0924 4332 BrUsbSer - ok

10:48:01.0948 4332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:48:01.0952 4332 BTHMODEM - ok

10:48:02.0005 4332 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:48:02.0014 4332 cdfs - ok

10:48:02.0053 4332 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

10:48:02.0060 4332 cdrom - ok

10:48:02.0125 4332 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys

10:48:02.0173 4332 cfwids - ok

10:48:02.0213 4332 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:48:02.0218 4332 circlass - ok

10:48:02.0256 4332 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:48:02.0263 4332 CLFS - ok

10:48:02.0371 4332 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:48:02.0378 4332 CmBatt - ok

10:48:02.0403 4332 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

10:48:02.0410 4332 cmdide - ok

10:48:02.0481 4332 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

10:48:02.0529 4332 CNG - ok

10:48:02.0627 4332 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:48:02.0636 4332 Compbatt - ok

10:48:02.0659 4332 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:48:02.0665 4332 CompositeBus - ok

10:48:02.0701 4332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:48:02.0707 4332 crcdisk - ok

10:48:02.0808 4332 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys

10:48:02.0847 4332 CtClsFlt - ok

10:48:02.0954 4332 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

10:48:03.0011 4332 DfsC - ok

10:48:03.0104 4332 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:48:03.0105 4332 discache - ok

10:48:03.0174 4332 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:48:03.0183 4332 Disk - ok

10:48:03.0279 4332 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:48:03.0288 4332 drmkaud - ok

10:48:03.0342 4332 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

10:48:03.0418 4332 DXGKrnl - ok

10:48:03.0523 4332 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:48:03.0617 4332 ebdrv - ok

10:48:03.0699 4332 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:48:03.0716 4332 elxstor - ok

10:48:03.0749 4332 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

10:48:03.0756 4332 ErrDev - ok

10:48:03.0808 4332 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:48:03.0822 4332 exfat - ok

10:48:03.0856 4332 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:48:03.0867 4332 fastfat - ok

10:48:03.0936 4332 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:48:03.0942 4332 fdc - ok

10:48:03.0991 4332 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:48:03.0995 4332 FileInfo - ok

10:48:04.0021 4332 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:48:04.0025 4332 Filetrace - ok

10:48:04.0171 4332 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:48:04.0178 4332 flpydisk - ok

10:48:04.0210 4332 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

10:48:04.0223 4332 FltMgr - ok

10:48:04.0248 4332 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:48:04.0255 4332 FsDepends - ok

10:48:04.0276 4332 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:48:04.0280 4332 Fs_Rec - ok

10:48:04.0336 4332 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:48:04.0393 4332 fvevol - ok

10:48:04.0493 4332 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:48:04.0502 4332 gagp30kx - ok

10:48:04.0626 4332 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:48:04.0684 4332 GEARAspiWDM - ok

10:48:04.0839 4332 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:48:04.0845 4332 hcw85cir - ok

10:48:04.0883 4332 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:48:04.0886 4332 HDAudBus - ok

10:48:04.0925 4332 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

10:48:04.0985 4332 HECIx64 - ok

10:48:05.0029 4332 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:48:05.0032 4332 HidBatt - ok

10:48:05.0052 4332 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:48:05.0059 4332 HidBth - ok

10:48:05.0075 4332 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:48:05.0079 4332 HidIr - ok

10:48:05.0129 4332 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

10:48:05.0134 4332 HidUsb - ok

10:48:05.0232 4332 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

10:48:05.0240 4332 HpSAMD - ok

10:48:05.0291 4332 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

10:48:05.0312 4332 HTTP - ok

10:48:05.0352 4332 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

10:48:05.0359 4332 hwpolicy - ok

10:48:05.0427 4332 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

10:48:05.0438 4332 i8042prt - ok

10:48:05.0502 4332 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

10:48:05.0508 4332 iaStor - ok

10:48:05.0582 4332 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

10:48:05.0649 4332 iaStorV - ok

10:48:05.0893 4332 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:48:06.0163 4332 igfx - ok

10:48:06.0272 4332 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:48:06.0281 4332 iirsp - ok

10:48:06.0321 4332 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

10:48:06.0375 4332 Impcd - ok

10:48:06.0448 4332 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys

10:48:06.0597 4332 IntcAzAudAddService - ok

10:48:06.0689 4332 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys

10:48:06.0753 4332 IntcDAud - ok

10:48:06.0790 4332 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

10:48:06.0793 4332 intelide - ok

10:48:06.0829 4332 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:48:06.0830 4332 intelppm - ok

10:48:06.0940 4332 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:48:06.0948 4332 IpFilterDriver - ok

10:48:06.0977 4332 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

10:48:06.0988 4332 IPMIDRV - ok

10:48:07.0023 4332 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:48:07.0032 4332 IPNAT - ok

10:48:07.0111 4332 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:48:07.0120 4332 IRENUM - ok

10:48:07.0164 4332 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

10:48:07.0168 4332 isapnp - ok

10:48:07.0224 4332 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

10:48:07.0233 4332 iScsiPrt - ok

10:48:07.0267 4332 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:48:07.0277 4332 kbdclass - ok

10:48:07.0310 4332 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

10:48:07.0314 4332 kbdhid - ok

10:48:07.0378 4332 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

10:48:07.0434 4332 KSecDD - ok

10:48:07.0483 4332 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

10:48:07.0542 4332 KSecPkg - ok

10:48:07.0590 4332 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:48:07.0597 4332 ksthunk - ok

10:48:07.0796 4332 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys

10:48:07.0847 4332 L1C - ok

10:48:07.0910 4332 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:48:07.0918 4332 lltdio - ok

10:48:08.0025 4332 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:48:08.0033 4332 LSI_FC - ok

10:48:08.0059 4332 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:48:08.0066 4332 LSI_SAS - ok

10:48:08.0079 4332 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:48:08.0085 4332 LSI_SAS2 - ok

10:48:08.0104 4332 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:48:08.0112 4332 LSI_SCSI - ok

10:48:08.0134 4332 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:48:08.0139 4332 luafv - ok

10:48:08.0257 4332 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:48:08.0258 4332 MBAMProtector - ok

10:48:08.0436 4332 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:48:08.0446 4332 megasas - ok

10:48:08.0486 4332 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:48:08.0499 4332 MegaSR - ok

10:48:08.0587 4332 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

10:48:08.0646 4332 mfeapfk - ok

10:48:08.0695 4332 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys

10:48:08.0696 4332 mfeavfk - ok

10:48:08.0774 4332 mfeavfk01 - ok

10:48:08.0844 4332 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys

10:48:08.0850 4332 mfefirek - ok

10:48:08.0928 4332 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

10:48:08.0985 4332 mfehidk - ok

10:48:09.0071 4332 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys

10:48:09.0072 4332 mfenlfk - ok

10:48:09.0126 4332 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys

10:48:09.0185 4332 mferkdet - ok

10:48:09.0295 4332 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys

10:48:09.0337 4332 mfewfpk - ok

10:48:09.0368 4332 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:48:09.0373 4332 Modem - ok

10:48:09.0400 4332 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:48:09.0402 4332 monitor - ok

10:48:09.0499 4332 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:48:09.0509 4332 mouclass - ok

10:48:09.0556 4332 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:48:09.0565 4332 mouhid - ok

10:48:09.0622 4332 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

10:48:09.0632 4332 mountmgr - ok

10:48:09.0656 4332 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

10:48:09.0665 4332 mpio - ok

10:48:09.0692 4332 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:48:09.0701 4332 mpsdrv - ok

10:48:09.0728 4332 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

10:48:09.0738 4332 MRxDAV - ok

10:48:09.0781 4332 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:48:09.0827 4332 mrxsmb - ok

10:48:09.0878 4332 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:48:09.0937 4332 mrxsmb10 - ok

10:48:09.0963 4332 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:48:10.0019 4332 mrxsmb20 - ok

10:48:10.0059 4332 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

10:48:10.0116 4332 msahci - ok

10:48:10.0144 4332 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

10:48:10.0152 4332 msdsm - ok

10:48:10.0181 4332 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:48:10.0185 4332 Msfs - ok

10:48:10.0219 4332 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:48:10.0231 4332 mshidkmdf - ok

10:48:10.0280 4332 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

10:48:10.0285 4332 msisadrv - ok

10:48:10.0356 4332 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:48:10.0361 4332 MSKSSRV - ok

10:48:10.0383 4332 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:48:10.0389 4332 MSPCLOCK - ok

10:48:10.0415 4332 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:48:10.0420 4332 MSPQM - ok

10:48:10.0455 4332 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

10:48:10.0471 4332 MsRPC - ok

10:48:10.0512 4332 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

10:48:10.0514 4332 mssmbios - ok

10:48:10.0541 4332 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:48:10.0548 4332 MSTEE - ok

10:48:10.0560 4332 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:48:10.0566 4332 MTConfig - ok

10:48:10.0590 4332 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:48:10.0596 4332 Mup - ok

10:48:10.0637 4332 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:48:10.0652 4332 NativeWifiP - ok

10:48:10.0700 4332 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

10:48:10.0727 4332 NDIS - ok

10:48:10.0761 4332 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:48:10.0770 4332 NdisCap - ok

10:48:10.0808 4332 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:48:10.0814 4332 NdisTapi - ok

10:48:10.0844 4332 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

10:48:10.0852 4332 Ndisuio - ok

10:48:10.0872 4332 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

10:48:10.0880 4332 NdisWan - ok

10:48:10.0901 4332 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

10:48:10.0905 4332 NDProxy - ok

10:48:11.0017 4332 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:48:11.0027 4332 NetBIOS - ok

10:48:11.0050 4332 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

10:48:11.0062 4332 NetBT - ok

10:48:11.0113 4332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:48:11.0119 4332 nfrd960 - ok

10:48:11.0157 4332 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:48:11.0161 4332 Npfs - ok

10:48:11.0177 4332 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:48:11.0179 4332 nsiproxy - ok

10:48:11.0257 4332 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

10:48:11.0394 4332 Ntfs - ok

10:48:11.0442 4332 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:48:11.0449 4332 Null - ok

10:48:11.0485 4332 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

10:48:11.0538 4332 nvraid - ok

10:48:11.0582 4332 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

10:48:11.0651 4332 nvstor - ok

10:48:11.0688 4332 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

10:48:11.0695 4332 nv_agp - ok

10:48:11.0730 4332 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

10:48:11.0742 4332 ohci1394 - ok

10:48:11.0781 4332 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:48:11.0787 4332 Parport - ok

10:48:11.0812 4332 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

10:48:11.0821 4332 partmgr - ok

10:48:11.0870 4332 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

10:48:11.0881 4332 pci - ok

10:48:11.0931 4332 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

10:48:11.0939 4332 pciide - ok

10:48:11.0990 4332 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:48:12.0001 4332 pcmcia - ok

10:48:12.0090 4332 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:48:12.0098 4332 pcw - ok

10:48:12.0143 4332 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:48:12.0177 4332 PEAUTH - ok

10:48:12.0330 4332 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

10:48:12.0338 4332 PptpMiniport - ok

10:48:12.0360 4332 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:48:12.0366 4332 Processor - ok

10:48:12.0404 4332 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

10:48:12.0408 4332 Psched - ok

10:48:12.0449 4332 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

10:48:12.0500 4332 PxHlpa64 - ok

10:48:12.0551 4332 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:48:12.0625 4332 ql2300 - ok

10:48:12.0659 4332 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:48:12.0666 4332 ql40xx - ok

10:48:12.0706 4332 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:48:12.0715 4332 QWAVEdrv - ok

10:48:12.0747 4332 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:48:12.0753 4332 RasAcd - ok

10:48:12.0796 4332 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:48:12.0801 4332 RasAgileVpn - ok

10:48:12.0828 4332 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:48:12.0834 4332 Rasl2tp - ok

10:48:12.0855 4332 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:48:12.0862 4332 RasPppoe - ok

10:48:12.0892 4332 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:48:12.0896 4332 RasSstp - ok

10:48:12.0932 4332 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

10:48:12.0954 4332 rdbss - ok

10:48:12.0979 4332 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:48:12.0985 4332 rdpbus - ok

10:48:12.0997 4332 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:48:12.0998 4332 RDPCDD - ok

10:48:13.0036 4332 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:48:13.0042 4332 RDPENCDD - ok

10:48:13.0068 4332 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:48:13.0072 4332 RDPREFMP - ok

10:48:13.0097 4332 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

10:48:13.0110 4332 RDPWD - ok

10:48:13.0155 4332 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

10:48:13.0168 4332 rdyboost - ok

10:48:13.0238 4332 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:48:13.0243 4332 rspndr - ok

10:48:13.0291 4332 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

10:48:13.0339 4332 RSUSBSTOR - ok

10:48:13.0362 4332 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

10:48:13.0367 4332 sbp2port - ok

10:48:13.0391 4332 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

10:48:13.0398 4332 scfilter - ok

10:48:13.0428 4332 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:48:13.0432 4332 secdrv - ok

10:48:13.0471 4332 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:48:13.0475 4332 Serenum - ok

10:48:13.0524 4332 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:48:13.0528 4332 Serial - ok

10:48:13.0558 4332 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:48:13.0561 4332 sermouse - ok

10:48:13.0594 4332 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

10:48:13.0599 4332 sffdisk - ok

10:48:13.0626 4332 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

10:48:13.0631 4332 sffp_mmc - ok

10:48:13.0649 4332 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

10:48:13.0715 4332 sffp_sd - ok

10:48:13.0752 4332 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:48:13.0757 4332 sfloppy - ok

10:48:13.0866 4332 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:48:13.0874 4332 SiSRaid2 - ok

10:48:13.0890 4332 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:48:13.0899 4332 SiSRaid4 - ok

10:48:13.0927 4332 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:48:13.0934 4332 Smb - ok

10:48:13.0961 4332 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:48:13.0966 4332 spldr - ok

10:48:14.0029 4332 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

10:48:14.0084 4332 srv - ok

10:48:14.0106 4332 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

10:48:14.0151 4332 srv2 - ok

10:48:14.0197 4332 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

10:48:14.0255 4332 srvnet - ok

10:48:14.0305 4332 ssadbus (7525e8cc3f60ccef004bb8c3408b8ad4) C:\Windows\system32\DRIVERS\ssadbus.sys

10:48:14.0356 4332 ssadbus - ok

10:48:14.0394 4332 ssadmdfl (af68680d623402194b32c3298c33b115) C:\Windows\system32\DRIVERS\ssadmdfl.sys

10:48:14.0446 4332 ssadmdfl - ok

10:48:14.0484 4332 ssadmdm (6179b45dc3b4dd5b6d57c1bd8278224d) C:\Windows\system32\DRIVERS\ssadmdm.sys

10:48:14.0552 4332 ssadmdm - ok

10:48:14.0603 4332 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:48:14.0607 4332 stexstor - ok

10:48:14.0662 4332 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

10:48:14.0666 4332 StillCam - ok

10:48:14.0698 4332 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

10:48:14.0707 4332 swenum - ok

10:48:14.0747 4332 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys

10:48:14.0806 4332 SynTP - ok

10:48:14.0884 4332 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

10:48:15.0083 4332 Tcpip - ok

10:48:15.0202 4332 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

10:48:15.0221 4332 TCPIP6 - ok

10:48:15.0254 4332 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

10:48:15.0260 4332 tcpipreg - ok

10:48:15.0290 4332 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:48:15.0299 4332 TDPIPE - ok

10:48:15.0315 4332 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:48:15.0319 4332 TDTCP - ok

10:48:15.0343 4332 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

10:48:15.0350 4332 tdx - ok

10:48:15.0370 4332 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

10:48:15.0379 4332 TermDD - ok

10:48:15.0420 4332 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:48:15.0424 4332 tssecsrv - ok

10:48:15.0453 4332 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

10:48:15.0464 4332 tunnel - ok

10:48:15.0514 4332 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys

10:48:15.0576 4332 TurboB - ok

10:48:15.0608 4332 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:48:15.0613 4332 uagp35 - ok

10:48:15.0648 4332 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

10:48:15.0694 4332 udfs - ok

10:48:15.0746 4332 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

10:48:15.0757 4332 uliagpkx - ok

10:48:15.0895 4332 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

10:48:15.0904 4332 umbus - ok

10:48:15.0943 4332 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:48:15.0948 4332 UmPass - ok

10:48:16.0020 4332 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

10:48:16.0066 4332 USBAAPL64 - ok

10:48:16.0116 4332 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

10:48:16.0174 4332 usbccgp - ok

10:48:16.0209 4332 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

10:48:16.0214 4332 usbcir - ok

10:48:16.0278 4332 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

10:48:16.0331 4332 usbehci - ok

10:48:16.0397 4332 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

10:48:16.0454 4332 usbhub - ok

10:48:16.0497 4332 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

10:48:16.0546 4332 usbohci - ok

10:48:16.0586 4332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:48:16.0592 4332 usbprint - ok

10:48:16.0632 4332 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:48:16.0689 4332 USBSTOR - ok

10:48:16.0751 4332 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

10:48:16.0789 4332 usbuhci - ok

10:48:16.0845 4332 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

10:48:16.0901 4332 usbvideo - ok

10:48:16.0957 4332 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

10:48:16.0967 4332 vdrvroot - ok

10:48:17.0003 4332 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:48:17.0012 4332 vga - ok

10:48:17.0034 4332 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:48:17.0042 4332 VgaSave - ok

10:48:17.0057 4332 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

10:48:17.0069 4332 vhdmp - ok

10:48:17.0116 4332 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

10:48:17.0124 4332 viaide - ok

10:48:17.0151 4332 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

10:48:17.0158 4332 volmgr - ok

10:48:17.0182 4332 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

10:48:17.0192 4332 volmgrx - ok

10:48:17.0211 4332 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

10:48:17.0220 4332 volsnap - ok

10:48:17.0250 4332 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:48:17.0262 4332 vsmraid - ok

10:48:17.0289 4332 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:48:17.0293 4332 vwifibus - ok

10:48:17.0322 4332 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:48:17.0333 4332 vwififlt - ok

10:48:17.0368 4332 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

10:48:17.0375 4332 vwifimp - ok

10:48:17.0415 4332 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:48:17.0423 4332 WacomPen - ok

10:48:17.0461 4332 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

10:48:17.0467 4332 WANARP - ok

10:48:17.0474 4332 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

10:48:17.0476 4332 Wanarpv6 - ok

10:48:17.0531 4332 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:48:17.0536 4332 Wd - ok

10:48:17.0573 4332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:48:17.0610 4332 Wdf01000 - ok

10:48:17.0656 4332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:48:17.0660 4332 WfpLwf - ok

10:48:17.0693 4332 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

10:48:17.0746 4332 WimFltr - ok

10:48:17.0766 4332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:48:17.0769 4332 WIMMount - ok

10:48:17.0865 4332 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

10:48:17.0920 4332 WinUsb - ok

10:48:17.0949 4332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:48:17.0953 4332 WmiAcpi - ok

10:48:18.0016 4332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:48:18.0050 4332 ws2ifsl - ok

10:48:18.0106 4332 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

10:48:18.0160 4332 WudfPf - ok

10:48:18.0181 4332 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:48:18.0220 4332 WUDFRd - ok

10:48:18.0249 4332 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

10:48:18.0279 4332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:48:18.0279 4332 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:48:18.0317 4332 Boot (0x1200) (79ed531b8aef9bad535b4adefc409b13) \Device\Harddisk0\DR0\Partition0

10:48:18.0319 4332 \Device\Harddisk0\DR0\Partition0 - ok

10:48:18.0330 4332 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1

10:48:18.0331 4332 \Device\Harddisk0\DR0\Partition1 - ok

10:48:18.0332 4332 ============================================================

10:48:18.0332 4332 Scan finished

10:48:18.0332 4332 ============================================================

10:48:18.0349 19000 Detected object count: 1

10:48:18.0349 19000 Actual detected object count: 1

10:53:23.0840 19000 \Device\Harddisk0\DR0\# - copied to quarantine

10:53:23.0847 19000 \Device\Harddisk0\DR0 - copied to quarantine

10:53:23.0925 19000 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:53:29.0619 19000 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:53:34.0431 19000 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:53:39.0050 19000 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:53:43.0644 19000 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:53:43.0650 19000 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:53:43.0661 19000 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:53:43.0669 19000 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:53:48.0339 19000 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:53:53.0109 19000 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:53:53.0145 19000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:53:53.0148 19000 \Device\Harddisk0\DR0 - ok

10:53:53.0148 19000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:54:52.0616 2444 Deinitialize success


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
