"System Fix" infected


3 replies to this topic

#1 Mytsia


Posted 15 November 2011 - 12:10 PM

Hello everyone,

First of all I will ask you please to be tolerant with my English, it's not my mother tongue.

I hope you guys can help me,
I identified my problem, it's a malware named System Fix. I found on bleepingcomputer a tutorial on how to remove it (http://www.bleepingcomputer.com/virus-removal/remove-system-fix) but the thing is... I'm not a patient person in general and with the anger of the first minutes I pressed ctrl + alt + suppr/del too many times and it resulted in the reboot of my computer.
That's my problem, it means my Temp files and shortcuts are all gone, even when I click on the start button it is an empty window that opens. I saw in the tutorial that it was important not to erase those temp files. That's why I'm here now, where should I start and what should I do now that they are gone (for good..?) ?

I don't think it matters much but in case, my OS is Windows 7 and my laptop is an Acer Aspire 5742G.

I would really appreciate your help,
Thanks in advance,
Mytsia

Edited by Orange Blossom, 16 November 2011 - 12:32 PM.
Moved to AII. ~ OB




#2 boopme


Posted 16 November 2011 - 01:04 PM

Hello, this takes a little time but is not too difficult. So let me put it in this order.

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.



DO NOT reboot the machine until after the MBAM (last) scan.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware


Post the TDSS and MBAM logs and let us know how the PC is running now.
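TDSSKiller writes its scan log as timestamped lines: a driver entry with name, MD5 and file path, followed by a `name - ok` verdict line. The Python below is an added example, not part of the original posts and not TDSSKiller's own code; it pairs each entry with its verdict and lists the entries whose verdict is not `ok` or that have no verdict line at all, as happens when a pasted log is cut off. The sample log, its driver names, hashes and the non-`ok` verdict text are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout (timestamp, thread id, text).
# Driver names, MD5 values and the non-"ok" verdict string are made up.
SAMPLE_LOG = r"""
11:43:44.0605 3760 ============================================================
11:43:44.0605 3760 Scan started
11:43:44.0605 3760 Mode: Manual;
11:43:44.0605 3760 ============================================================
11:43:48.0692 3760 exampledrv1 (0123456789abcdef0123456789abcde1) C:\Windows\system32\drivers\exampledrv1.sys
11:43:48.0692 3760 exampledrv1 - ok
11:43:49.0160 3760 exampledrv2 (0123456789abcdef0123456789abcde2) C:\Windows\system32\DRIVERS\exampledrv2.sys
11:43:49.0160 3760 exampledrv2 - ok
11:43:49.0488 3760 exampledrv3 (0123456789abcdef0123456789abcde3) C:\Windows\system32\drivers\exampledrv3.sys
11:43:49.0488 3760 exampledrv3 - constructed-non-ok-verdict
11:43:50.0018 3760 exampledrv4 (0123456789abcdef0123456789abcde4) C:\Windows\system32\drivers\exampledrv4.sys
"""

# Every log line starts with "HH:MM:SS.ffff <thread id>"; the rest may be empty.
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s*(?P<rest>.*)$")
# Driver entry: "<name> (<32 hex digit MD5>) <path>"
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    time: str
    tid: str
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None means no verdict line was found


def parse_log(text: str) -> List[Entry]:
    """Return the driver entries of a log, each paired with its verdict."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # entries still waiting for a verdict line
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines or text pasted around the log
        rest = line.group("rest").strip()
        entry = ENTRY.match(rest)
        if entry:
            item = Entry(line.group("time"), line.group("tid"),
                         entry.group("name"), entry.group("md5").lower(),
                         entry.group("path"))
            entries.append(item)
            pending[item.name] = item
            continue
        verdict = VERDICT.match(rest)
        # Accept a verdict only for a driver name seen in an earlier entry line,
        # so header lines are never mistaken for verdicts.
        if verdict and verdict.group("name") in pending:
            pending.pop(verdict.group("name")).verdict = verdict.group("verdict").strip()
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries whose verdict is missing or is anything other than 'ok'."""
    return [e for e in entries if e.verdict is None or e.verdict.lower() != "ok"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    flagged = needs_review(parsed)
    print(f"{len(parsed)} driver entries, {len(flagged)} need a closer look")
    for e in flagged:
        print(f"  {e.time} {e.name} {e.md5} {e.path} -> {e.verdict or 'no verdict line'}")
```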

#3 Mytsia


Posted 16 November 2011 - 02:18 PM

Hello boopme,
Thanks a lot for the answer, it seemed that Avira managed to erase everything before but I still ran the program as you said earlier today and the results are so

TDSSKiller :

11:43:04.0257 4348 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
11:43:06.0269 4348 ============================================================
11:43:06.0269 4348 Current date / time: 2011/11/16 11:43:06.0269
11:43:06.0269 4348 SystemInfo:
11:43:06.0269 4348
11:43:06.0269 4348 OS Version: 6.1.7601 ServicePack: 1.0
11:43:06.0269 4348 Product type: Workstation
11:43:06.0269 4348 ComputerName: SARAH-PC
11:43:06.0269 4348 UserName: Sarah
11:43:06.0269 4348 Windows directory: C:\Windows
11:43:06.0269 4348 System windows directory: C:\Windows
11:43:06.0269 4348 Running under WOW64
11:43:06.0269 4348 Processor architecture: Intel x64
11:43:06.0269 4348 Number of processors: 4
11:43:06.0269 4348 Page size: 0x1000
11:43:06.0269 4348 Boot type: Normal boot
11:43:06.0269 4348 ============================================================
11:43:09.0592 4348 Initialize success
11:43:44.0605 3760 ============================================================
11:43:44.0605 3760 Scan started
11:43:44.0605 3760 Mode: Manual;
11:43:44.0605 3760 ============================================================
11:45:04.0243 3760 RTHDMIAzAudService - ok
11:45:04.0446 3760 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:45:04.0446 3760 sbp2port - ok
11:45:04.0602 3760 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:45:04.0602 3760 scfilter - ok
11:45:05.0335 3760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:45:05.0335 3760 secdrv - ok
11:45:05.0491 3760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:45:05.0491 3760 Serenum - ok
11:45:05.0662 3760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:45:05.0662 3760 Serial - ok
11:45:05.0818 3760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:45:05.0818 3760 sermouse - ok
11:45:05.0974 3760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:45:05.0974 3760 sffdisk - ok
11:45:06.0146 3760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:45:06.0146 3760 sffp_mmc - ok
11:45:06.0411 3760 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:45:06.0411 3760 sffp_sd - ok
11:45:06.0723 3760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:45:06.0723 3760 sfloppy - ok
11:45:07.0051 3760 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:45:07.0051 3760 Sftfs - ok
11:45:07.0363 3760 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:45:07.0363 3760 Sftplay - ok
11:45:07.0612 3760 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:45:07.0612 3760 Sftredir - ok
11:45:07.0924 3760 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:45:07.0924 3760 Sftvol - ok
11:45:08.0127 3760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:45:08.0127 3760 SiSRaid2 - ok
11:45:08.0314 3760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:45:08.0314 3760 SiSRaid4 - ok
11:45:08.0455 3760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:45:08.0455 3760 Smb - ok
11:45:08.0626 3760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:45:08.0626 3760 spldr - ok
11:45:08.0845 3760 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:45:08.0860 3760 srv - ok
11:45:09.0032 3760 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:45:09.0048 3760 srv2 - ok
11:45:09.0157 3760 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:45:09.0172 3760 srvnet - ok
11:45:09.0453 3760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:45:09.0453 3760 stexstor - ok
11:45:09.0594 3760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:45:09.0594 3760 swenum - ok
11:45:09.0843 3760 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:45:09.0921 3760 Tcpip - ok
11:45:10.0264 3760 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:45:10.0280 3760 TCPIP6 - ok
11:45:10.0467 3760 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:45:10.0467 3760 tcpipreg - ok
11:45:10.0623 3760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:45:10.0623 3760 TDPIPE - ok
11:45:10.0779 3760 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:45:10.0779 3760 TDTCP - ok
11:45:11.0013 3760 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:45:11.0013 3760 tdx - ok
11:45:11.0232 3760 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:45:11.0232 3760 TermDD - ok
11:45:11.0419 3760 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:45:11.0419 3760 tssecsrv - ok
11:45:11.0700 3760 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:45:11.0700 3760 TsUsbFlt - ok
11:45:11.0871 3760 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:45:11.0871 3760 tunnel - ok
11:45:12.0292 3760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:45:12.0292 3760 uagp35 - ok
11:45:12.0495 3760 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
11:45:12.0495 3760 UBHelper - ok
11:45:12.0760 3760 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:45:12.0760 3760 udfs - ok
11:45:12.0948 3760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:45:12.0948 3760 uliagpkx - ok
11:45:13.0150 3760 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:45:13.0166 3760 umbus - ok
11:45:13.0322 3760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:45:13.0322 3760 UmPass - ok
11:45:13.0478 3760 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:45:13.0478 3760 USBAAPL64 - ok
11:45:13.0618 3760 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:45:13.0618 3760 usbccgp - ok
11:45:13.0852 3760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:45:13.0852 3760 usbcir - ok
11:45:14.0086 3760 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:45:14.0086 3760 usbehci - ok
11:45:14.0726 3760 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:45:14.0726 3760 usbhub - ok
11:45:14.0882 3760 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:45:14.0882 3760 usbohci - ok
11:45:14.0991 3760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:45:14.0991 3760 usbprint - ok
11:45:15.0147 3760 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:45:15.0147 3760 USBSTOR - ok
11:45:15.0334 3760 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:45:15.0334 3760 usbuhci - ok
11:45:15.0568 3760 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:45:15.0584 3760 usbvideo - ok
11:45:15.0818 3760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:45:15.0818 3760 vdrvroot - ok
11:45:16.0005 3760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:45:16.0005 3760 vga - ok
11:45:16.0130 3760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:45:16.0130 3760 VgaSave - ok
11:45:16.0333 3760 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:45:16.0333 3760 vhdmp - ok
11:45:16.0505 3760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:45:16.0505 3760 viaide - ok
11:45:16.0661 3760 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:45:16.0661 3760 volmgr - ok
11:45:16.0832 3760 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:45:16.0832 3760 volmgrx - ok
11:45:16.0988 3760 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:45:17.0004 3760 volsnap - ok
11:45:17.0222 3760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:45:17.0222 3760 vsmraid - ok
11:45:17.0363 3760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:45:17.0363 3760 vwifibus - ok
11:45:17.0534 3760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:45:17.0534 3760 vwififlt - ok
11:45:17.0721 3760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:45:17.0721 3760 WacomPen - ok
11:45:17.0909 3760 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:45:17.0909 3760 WANARP - ok
11:45:17.0940 3760 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:45:17.0955 3760 Wanarpv6 - ok
11:45:18.0174 3760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:45:18.0174 3760 Wd - ok
11:45:18.0361 3760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:45:18.0377 3760 Wdf01000 - ok
11:45:18.0517 3760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:45:18.0517 3760 WfpLwf - ok
11:45:18.0642 3760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:45:18.0642 3760 WIMMount - ok
11:45:18.0891 3760 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:45:18.0891 3760 WinUsb - ok
11:45:19.0047 3760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:45:19.0047 3760 WmiAcpi - ok
11:45:19.0219 3760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:45:19.0219 3760 ws2ifsl - ok
11:45:19.0406 3760 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:45:19.0406 3760 WudfPf - ok
11:45:19.0547 3760 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:45:19.0547 3760 WUDFRd - ok
11:45:19.0609 3760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:45:19.0656 3760 \Device\Harddisk0\DR0 - ok
11:45:19.0656 3760 Boot (0x1200) (24fe4d84bb4fcef223dbd11a3561ac84) \Device\Harddisk0\DR0\Partition0
11:45:19.0656 3760 \Device\Harddisk0\DR0\Partition0 - ok
11:45:19.0671 3760 Boot (0x1200) (89fac4ca8a13049bb4962e74af36d206) \Device\Harddisk0\DR0\Partition1
11:45:19.0671 3760 \Device\Harddisk0\DR0\Partition1 - ok
11:45:19.0671 3760 ============================================================
11:45:19.0671 3760 Scan finished
11:45:19.0671 3760 ============================================================
11:45:19.0703 1348 Detected object count: 0
11:45:19.0703 1348 Actual detected object count: 0
11:45:40.0731 3408 Deinitialize success

Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8174

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

16/11/2011 12:27:29
mbam-log-2011-11-16 (12-27-29).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 167896
Temps écoulé: 3 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Sorry, it's in French; basically it says that nothing is infected or detected...

But something looks weird to me: after I did all this, my PC seems to work properly as before, files are back and so on, but the start menu changed its appearance. I mean it is not just the Windows logo as by default on Windows 7, but it is written "start". Could it be a result of this virus? Or does it mean that it's still there changing my settings? As I said, all the rest seems to be fine so far, and in any case thanks a lot for your help =)

Edited by Mytsia, 16 November 2011 - 02:22 PM.


#4 boopme

Posted 16 November 2011 - 04:42 PM

Do you know if it is 32 or 64 bit?

To find out if your computer is running a 32-bit or 64-bit version