Trojan.Agent-svchost keeps being detected


I forgot to include the last scan:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
destiny :: DESTINY-PC [administrator]

Protection: Enabled

2/16/2012 4:40:15 PM
mbam-log-2012-02-16 (16-40-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205146
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4400 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

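The detection in the scan above is C:\Windows\svchost.exe, while the genuine svchost.exe lives in C:\Windows\System32 (and SysWOW64 on 64-bit Windows), so the path alone marks this file as a masquerade; the "-> 4400 -> Delete on reboot" entry also shows the file was running as a process and removal was deferred rather than done. The Python script below is an added example (not part of this thread and not Malwarebytes code) that parses MBAM detection lines of this format and flags core Windows binaries found outside their canonical directory; the log excerpt is constructed from the scan quoted above, and the table of binaries and allowed directories is an assumption of the example.

```python
"""Flag masqueraded core Windows binaries in a Malwarebytes Anti-Malware log.

Added example (not Malwarebytes code). It parses detection lines of the form
    <path> (<family>) [-> <pid>] -> <action>.
and checks the detected file's directory against the only directories the
genuine binary of that name runs from.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: the detection section of the MBAM quick scan quoted above.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4400 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
"""

# Assumed table: directories (relative to the Windows directory) that the
# genuine binary of this name is allowed to run from. "" means the Windows
# directory itself. A copy anywhere else is treated as a masquerade.
CANONICAL_DIRS = {
    "svchost.exe": ("System32", "SysWOW64"),
    "lsass.exe": ("System32",),
    "csrss.exe": ("System32",),
    "smss.exe": ("System32",),
    "winlogon.exe": ("System32",),
    "services.exe": ("System32",),
    "explorer.exe": ("", "SysWOW64"),
}

# One MBAM detection line: path, family in parentheses, optional PID, action.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^(]+?) \((?P<family>[^)]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    path: str
    family: str
    pid: Optional[int]      # set for "Memory Processes" hits: the running process
    action: str             # e.g. "Delete on reboot": removal deferred, not done
    masquerade: bool


def is_masquerade(path: str, windir: str = r"C:\Windows") -> bool:
    """True if `path` names a core binary but sits outside its canonical dirs."""
    p = PureWindowsPath(path)
    allowed_subdirs = CANONICAL_DIRS.get(p.name.lower())
    if allowed_subdirs is None:
        return False            # not a name we track; leave it to the scanner
    allowed = {str(PureWindowsPath(windir, sub)).lower() for sub in allowed_subdirs}
    return str(p.parent).lower() not in allowed


def parse_mbam_log(text: str, windir: str = r"C:\Windows") -> List[Detection]:
    """Extract every file/process detection line from an MBAM log."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue                # headers, counts, "(No malicious items ...)"
        pid = int(m["pid"]) if m["pid"] else None
        found.append(Detection(
            path=m["path"], family=m["family"], pid=pid, action=m["action"],
            masquerade=is_masquerade(m["path"], windir),
        ))
    return found


def report(text: str) -> List[str]:
    """One human-readable verdict per detection, with the path-based reason."""
    lines = []
    for d in parse_mbam_log(text):
        where = f"running as PID {d.pid}" if d.pid else "on disk"
        verdict = ("MASQUERADE: core binary outside its canonical directory"
                   if d.masquerade else "path is canonical")
        lines.append(f"{d.path} [{d.family}] {where}; action={d.action}; {verdict}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```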

Hello and welcome!

Let's first also do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hi Elise. First of all thank you for helping. Here is the output from TDSSKiller:

10:03:30.0080 6584 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:03:30.0642 6584 ============================================================
10:03:30.0642 6584 Current date / time: 2012/02/17 10:03:30.0642
10:03:30.0642 6584 SystemInfo:
10:03:30.0642 6584
10:03:30.0642 6584 OS Version: 6.1.7601 ServicePack: 1.0
10:03:30.0642 6584 Product type: Workstation
10:03:30.0642 6584 ComputerName: DESTINY-PC
10:03:30.0642 6584 UserName: destiny
10:03:30.0642 6584 Windows directory: C:\Windows
10:03:30.0642 6584 System windows directory: C:\Windows
10:03:30.0642 6584 Running under WOW64
10:03:30.0642 6584 Processor architecture: Intel x64
10:03:30.0642 6584 Number of processors: 4
10:03:30.0642 6584 Page size: 0x1000
10:03:30.0642 6584 Boot type: Normal boot
10:03:30.0642 6584 ============================================================
10:03:31.0172 6584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:31.0188 6584 \Device\Harddisk0\DR0:
10:03:31.0188 6584 MBR used
10:03:31.0188 6584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:03:31.0188 6584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
10:03:31.0219 6584 Initialize success
10:03:31.0219 6584 ============================================================
10:03:52.0061 3376 ============================================================
10:03:52.0061 3376 Scan started
10:03:52.0061 3376 Mode: Manual;
10:03:52.0061 3376 ============================================================

10:04:10.0189 3376 tssecsrv - ok

10:04:10.0283 3376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:04:10.0283 3376 TsUsbFlt - ok

10:04:10.0361 3376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:04:10.0376 3376 tunnel - ok

10:04:10.0423 3376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:04:10.0423 3376 uagp35 - ok

10:04:10.0486 3376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:04:10.0486 3376 udfs - ok

10:04:10.0579 3376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:04:10.0579 3376 uliagpkx - ok

10:04:10.0688 3376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:04:10.0688 3376 umbus - ok

10:04:10.0751 3376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:04:10.0751 3376 UmPass - ok

10:04:10.0829 3376 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

10:04:10.0829 3376 USBAAPL64 - ok

10:04:10.0907 3376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:04:10.0907 3376 usbccgp - ok

10:04:11.0000 3376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:04:11.0000 3376 usbcir - ok

10:04:11.0078 3376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:04:11.0078 3376 usbehci - ok

10:04:11.0125 3376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:04:11.0125 3376 usbhub - ok

10:04:11.0188 3376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:04:11.0188 3376 usbohci - ok

10:04:11.0266 3376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:04:11.0266 3376 usbprint - ok

10:04:11.0312 3376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:04:11.0328 3376 USBSTOR - ok

10:04:11.0390 3376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:04:11.0390 3376 usbuhci - ok

10:04:11.0468 3376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:04:11.0484 3376 usbvideo - ok

10:04:11.0562 3376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:04:11.0562 3376 vdrvroot - ok

10:04:11.0624 3376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:04:11.0624 3376 vga - ok

10:04:11.0671 3376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:04:11.0671 3376 VgaSave - ok

10:04:11.0749 3376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:04:11.0749 3376 vhdmp - ok

10:04:11.0827 3376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:04:11.0827 3376 viaide - ok

10:04:11.0890 3376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:04:11.0890 3376 volmgr - ok

10:04:11.0952 3376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:04:11.0968 3376 volmgrx - ok

10:04:12.0030 3376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:04:12.0030 3376 volsnap - ok

10:04:12.0108 3376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:04:12.0108 3376 vsmraid - ok

10:04:12.0139 3376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:04:12.0139 3376 vwifibus - ok

10:04:12.0202 3376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:04:12.0202 3376 vwififlt - ok

10:04:12.0233 3376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:04:12.0248 3376 WacomPen - ok

10:04:12.0311 3376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:04:12.0311 3376 WANARP - ok

10:04:12.0326 3376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:04:12.0326 3376 Wanarpv6 - ok

10:04:12.0420 3376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:04:12.0420 3376 Wd - ok

10:04:12.0482 3376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:04:12.0498 3376 Wdf01000 - ok

10:04:12.0592 3376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:04:12.0592 3376 WfpLwf - ok

10:04:12.0685 3376 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

10:04:12.0701 3376 WimFltr - ok

10:04:12.0779 3376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:04:12.0779 3376 WIMMount - ok

10:04:12.0935 3376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys

10:04:12.0935 3376 WinUsb - ok

10:04:13.0122 3376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:04:13.0122 3376 WmiAcpi - ok

10:04:13.0169 3376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:04:13.0169 3376 ws2ifsl - ok

10:04:13.0247 3376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:04:13.0247 3376 WudfPf - ok

10:04:13.0325 3376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:04:13.0325 3376 WUDFRd - ok

10:04:13.0465 3376 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

10:04:13.0465 3376 yukonw7 - ok

10:04:13.0512 3376 MBR (0x1B8) (4f67409277c79a1c33061decc087f711) \Device\Harddisk0\DR0

10:04:13.0543 3376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:04:13.0543 3376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:04:13.0590 3376 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0

10:04:13.0590 3376 \Device\Harddisk0\DR0\Partition0 - ok

10:04:13.0606 3376 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1

10:04:13.0606 3376 \Device\Harddisk0\DR0\Partition1 - ok

10:04:13.0606 3376 ============================================================

10:04:13.0606 3376 Scan finished

10:04:13.0606 3376 ============================================================

10:04:13.0621 1780 Detected object count: 1

10:04:13.0621 1780 Actual detected object count: 1

10:04:47.0598 1780 \Device\Harddisk0\DR0\# - copied to quarantine

10:04:47.0598 1780 \Device\Harddisk0\DR0 - copied to quarantine

10:04:47.0692 1780 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:04:47.0692 1780 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:04:47.0723 1780 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:04:47.0738 1780 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:04:47.0754 1780 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:04:47.0754 1780 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

10:04:47.0754 1780 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine

10:04:47.0770 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:04:47.0770 1780 \Device\Harddisk0\DR0 - ok

10:04:47.0894 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:05:21.0232 6488 Deinitialize success
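Reading a log like the one above by hand is fine for one machine; the Python below is added here as an example (it is not part of the thread and not TDSSKiller's or Malwarebytes' code) of the triage a responder would script over such a log: split the per-object hash inventory from the verdict and remediation lines, then diff the driver hashes against a baseline. The line formats are inferred from the log above, the sample lines reuse a few of its lines, and the baseline (including its MBR entry) is constructed for the example rather than a vetted reference.

```python
"""Triage a TDSSKiller log: hash inventory vs. verdict/remediation lines.

The line formats are inferred from the log posted in this thread; SAMPLE_LOG
reuses a handful of those lines and BASELINE is constructed for the example.
"""
import re

# Every TDSSKiller line starts with "<hh:mm:ss.ffff> <thread id> ".
PREFIX_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<name> [(0xSIZE)] (<md5>) <path>": one per scanned driver or boot object.
# The optional hex field is assumed to be the number of bytes that were hashed
# (0x1B8 = the MBR bootstrap code, 0x1200 = the first nine sectors of a volume).
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<object> ( <verdict> ) - infected|suspicious"
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+"
    r"(?P<status>infected|suspicious)$")
# "<object> [( <verdict> )] - copied to quarantine | will be cured on reboot | User select action: X"
ACTION_RE = re.compile(
    r"^(?P<obj>.+?)(?:\s+\(\s*[^()]+?\s*\))?\s+-\s+"
    r"(?P<action>copied to quarantine|will be cured on reboot|User select action: .+)$")


def parse_tdsskiller(text):
    """Return (objects, findings, actions).

    objects  - list of {"name", "size", "md5", "path"} for every hashed object
    findings - list of (object, verdict) for lines judged infected/suspicious
    actions  - list of (object, action) for quarantine/cure lines
    Lines such as "Serenum - ok" or the "- detected ..." echo of a verdict carry
    nothing new and are skipped.
    """
    objects, findings, actions = [], [], []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners, "Scan finished", ...
        rest = m.group(3)
        if (o := OBJECT_RE.match(rest)):
            objects.append(o.groupdict())
        elif (v := VERDICT_RE.match(rest)):
            findings.append((v["obj"], v["verdict"]))
        elif (a := ACTION_RE.match(rest)):
            actions.append((a["obj"], a["action"]))
    return objects, findings, actions


def compare_with_baseline(objects, baseline):
    """Diff the hash inventory against a trusted name -> md5 map.

    Returns (mismatched, unknown). A hash that differs from the baseline is
    evidence; an identical hash under two names (Tcpip and TCPIP6 in the log)
    is not, it only says both services are backed by the same file.
    """
    mismatched, unknown = [], []
    for obj in objects:
        expected = baseline.get(obj["name"])
        if expected is None:
            unknown.append(obj["name"])
        elif expected != obj["md5"]:
            mismatched.append((obj["name"], obj["md5"], expected))
    return mismatched, unknown


# Constructed sample: a few lines in the format of the log above (raw string,
# so the backslashes in the NT device paths are literal).
SAMPLE_LOG = r"""
10:04:07.0896 3376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:04:07.0896 3376 Serenum - ok
10:04:09.0456 3376 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:04:09.0628 3376 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:04:13.0512 3376 MBR (0x1B8) (4f67409277c79a1c33061decc087f711) \Device\Harddisk0\DR0
10:04:13.0543 3376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:04:13.0543 3376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:04:13.0590 3376 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
10:04:47.0692 1780 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:04:47.0770 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:04:47.0894 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# Constructed baseline. The driver values are copied from the log above, so they
# are "what this machine had", not a vetted Microsoft reference; the MBR value is
# a placeholder standing in for the hash recorded from a known-clean MBR.
BASELINE = {
    "Serenum": "cb624c0035412af0debec78c41f5ca1b",
    "Tcpip": "fc62769e7bff2896035aeed399108162",
    "TCPIP6": "fc62769e7bff2896035aeed399108162",
    "MBR": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    objs, finds, acts = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(objs)} hashed objects, {len(finds)} finding(s): {finds}")
    for obj, action in acts:
        print(f"  {action:<25} {obj}")
    mism, unk = compare_with_baseline(objs, BASELINE)
    print("hash mismatches:", mism)
    print("not in baseline:", unk)
```

Run it against a saved TDSSKiller.txt with `parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())`; the "not in baseline" list is where to look first when the baseline was taken from a clean image of the same build.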

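The two MBR lines in the log above are the ones that change the picture: the detection is in the bootstrap code of the MBR, below the file system that a file-level scan examines. The Python below is an added example, not TDSSKiller's or Malwarebytes' code, of what such a boot-sector check does: hash the bootstrap code (bytes 0x000 to 0x1B7, which is what the "0x1B8" in the log line is assumed to mean) against an allow-list, and sanity-check the boot signature and partition table. The sector images, the "tampered" bootstrap and the allow-list are all constructed for the example; the tampered blob is a stand-in, not the actual Pihar loader.

```python
"""Verify an MBR the way a boot-sector scanner does.

Added example, not TDSSKiller's code. A bootkit of the Rootkit.Boot class
replaces the bootstrap code in the MBR with its own loader while keeping the
partition table intact so the machine still boots; the check is therefore a
hash of bytes 0x000-0x1B7 against an allow-list, plus sanity checks on the
rest of the sector. That TDSSKiller's "MBR (0x1B8)" field means "first 0x1B8
bytes hashed" is an assumption drawn from the MBR layout. All sector images
below are constructed.
"""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 0x1B8     # bootstrap code; the disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE     # 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_partition_table(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def bootstrap_hash(mbr):
    """MD5 of the bootstrap code, to line up with the TDSSKiller field.
    For a baseline you maintain yourself, record SHA-256 as well."""
    return hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(mbr, known_good):
    """Return {"ok": bool, "reason": str, "bootstrap_md5": str, "partitions": [...]}."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    result = {"ok": False, "reason": "", "bootstrap_md5": bootstrap_hash(mbr),
              "partitions": parse_partition_table(mbr)}
    if mbr[SIGNATURE_OFF:] != b"\x55\xAA":
        result["reason"] = "missing 0x55AA boot signature"
        return result
    active = [p for p in result["partitions"] if p["bootable"]]
    if len(active) != 1:
        result["reason"] = f"{len(active)} active partitions, expected 1"
        return result
    if result["bootstrap_md5"] not in known_good:
        # This is the condition a bootkit produces: partition table untouched,
        # bootstrap code replaced.
        result["reason"] = "bootstrap code hash not in allow-list"
        return result
    result["ok"] = True
    return result


def build_mbr(bootstrap, partitions):
    """Assemble a sector from a bootstrap blob and (bootable, type, lba, count) tuples."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code must fit in 0x1B8 bytes")
    sector = bytearray(SECTOR)
    sector[:len(bootstrap)] = bootstrap
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed "clean" bootstrap: the usual real-mode prologue
# (xor ax,ax / mov ss,ax / mov sp,0x7C00 / mov es,ax / mov ds,ax) padded with NOPs.
CLEAN_BOOTSTRAP = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * 32
# Constructed stand-in for an overwritten bootstrap (a far jump into code the
# bootkit keeps elsewhere on disk); not the real Pihar loader.
TAMPERED_BOOTSTRAP = bytes.fromhex("ea00800000") + b"\x00" * 32

# Windows-7-style layout: small active system partition, then the OS partition.
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976_564_224)]
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOTSTRAP, PARTITIONS)
# Allow-list recorded from the known-clean image (the analogue of a vendor baseline).
KNOWN_GOOD = {bootstrap_hash(CLEAN_MBR)}

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(image, KNOWN_GOOD)
        print(f"{label:9s} ok={r['ok']} md5={r['bootstrap_md5']} {r['reason']}")
```

On a real disk the 512 bytes come from sector 0 of the physical drive (for example `\\.\PhysicalDrive0` opened read-only with administrator rights), and the allow-list from the same Windows build installed on a clean machine; the point of the example is that the partition table of the tampered image is identical to the clean one, so only the bootstrap hash tells them apart.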

Hi, unfortunately you had a nasty rootkit on your computer. It is gone now, but please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

(image: Query_RC.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(image: RC_successful.gif)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi Scott, that is indeed the safest solution. Please let me know if you need any assistance with that. I'll also include some general prevention information below.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; the paid versions provide a resident component and do not nag.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

