
ZeroAccess Rootkit Expected


59 replies to this topic

#1 computech1967

  • Members
  • 42 posts

Posted 05 January 2012 - 06:39 PM

I have a computer that I believe was infected with the ZeroAccess Rootkit. I used MBAM and it actually installed and removed several trojans. I tried to run ComboFix (BEFORE GETTING ON THIS BOARD) and it stated I was infected with the rootkit ZeroAccess, but then it stopped and rebooted the computer. I have tried running AntiZeroAccess but it will not work, and other programs will not install. I found several of the files associated with this rootkit and deleted the ones that were obviously not system files. It looks like this rootkit has attacked the TCP/IP stack and I am lost as to what to do next. I've been working on computers for 12 years and have never experienced a rootkit like this one. I'm more of a networking (Cisco) guy and my expertise is tapped out on this one. Any help???


#2 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 05 January 2012 - 06:43 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 computech1967
  • Topic Starter

  • Members
  • 42 posts

Posted 05 January 2012 - 06:53 PM

TDSSKiller found 1 infected file with the rootkit. It cured it, and I was able to boot into normal mode. However, when managing network connections, there are no connections listed. I guess this has to do with the fact that the TCP/IP stack was targeted.

#4 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 05 January 2012 - 06:56 PM

Can you please post the TDSSKiller log?
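The log Budapest asks for (pasted in post #7 below) has a simple two-line-per-driver shape: a file record (`time pid name (md5) path`) followed by a verdict (`time pid name - status`). Reading one by hand comes down to three checks: any verdict other than `ok`, a driver loaded from somewhere other than the Windows directory, and one hash turning up under two different file names. The following Python is an added example written for this thread, not code from TDSSKiller, Kaspersky or any participant. Its sample lines are constructed in the format of the posted log: the ACPI, LMIInfo, Tcpip and Tcpip6 entries mirror lines from the thread, while `exampledrv`, `otherdrv`, the `infected` verdict and the all-zero hash are placeholders, and `SYSTEM_DIRS` is an assumption about where drivers are expected to live.

```python
import re
from collections import defaultdict

# Added example for this thread, not TDSSKiller's own code. It parses the two
# line shapes the tool writes for each driver it checks:
#   <time> <pid> <name> (<md5>) <path>   file record
#   <time> <pid> <name> - <status>       verdict
FILE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(\S+)\s+-\s+(.+)$")

# Assumption: drivers normally live under the Windows directory. Anything
# elsewhere is a review item, not a verdict (third-party tools such as
# LogMeIn legitimately load drivers from Program Files).
SYSTEM_DIRS = ("c:\\windows\\",)

# Constructed sample in the posted log's format. ACPI, LMIInfo, Tcpip and
# Tcpip6 mirror entries from the thread; exampledrv, otherdrv, the "infected"
# verdict and the all-zero hash are placeholders for demonstration only.
SAMPLE_LOG = r"""
18:47:28.0647 1232 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:47:28.0647 1232 ACPI - ok
18:47:29.0692 1232 catchme - ok
18:47:31.0767 1232 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:47:31.0767 1232 LMIInfo - ok
18:47:35.0651 1232 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:47:35.0651 1232 Tcpip - ok
18:47:35.0713 1232 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:47:35.0713 1232 Tcpip6 - ok
18:47:36.0700 1232 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
18:47:36.0700 1232 exampledrv - infected
18:47:36.0800 1232 otherdrv (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\otherdrv.sys
18:47:36.0800 1232 otherdrv - ok
"""


def parse_tdsskiller(lines):
    """Merge file record and verdict per driver name: {name: {md5, path, status}}."""
    entries = {}
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            entries.setdefault(name, {}).update(md5=md5.lower(), path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            _, _, name, status = m.groups()
            entries.setdefault(name, {})["status"] = status
    return entries


def triage(entries, system_dirs=SYSTEM_DIRS):
    """Return (subject, reason, detail) tuples a reviewer should look at."""
    findings = []
    names_by_md5 = defaultdict(set)
    for name, e in entries.items():
        status = e.get("status", "<no verdict>")
        if status != "ok":
            findings.append((name, "status", status))
        path = e.get("path")
        if path:
            low = path.lower()
            if not low.startswith(system_dirs):
                findings.append((name, "non-system path", path))
            names_by_md5[e["md5"]].add(low.rsplit("\\", 1)[-1])
    # One hash under two different file names means the same binary is
    # registered twice under different names; Tcpip and Tcpip6 both pointing
    # at tcpip.sys share a hash AND a file name, so they are left alone.
    for md5, basenames in names_by_md5.items():
        if len(basenames) > 1:
            findings.append((md5, "same hash, different file names",
                             ", ".join(sorted(basenames))))
    return findings


def triage_sample():
    """Run the parser and triage over the constructed sample log."""
    return triage(parse_tdsskiller(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for subject, reason, detail in triage_sample():
        print(f"{subject:34} {reason:32} {detail}")
```

Run as a script it prints the review list for the sample: the placeholder driver with a non-`ok` verdict, the LogMeIn driver loaded from outside the Windows directory (benign here, but listed so a human confirms it), and the one hash shared by two differently named files. To use it on a real log, pass the file's lines to `parse_tdsskiller` in place of `SAMPLE_LOG.splitlines()`.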

#5 computech1967
  • Topic Starter

  • Members
  • 42 posts

Posted 05 January 2012 - 07:01 PM

Do I copy and paste the contents in here or attach it somehow? If I should attach it, I don't see any attach options. Thanks!

#6 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 05 January 2012 - 07:02 PM

Copy and paste is fine.

#7 computech1967
  • Topic Starter

  • Members
  • 42 posts

Posted 05 January 2012 - 07:03 PM

LOG FOLLOWS:

18:47:23.0109 1004 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:47:23.0109 1004 ============================================================
18:47:23.0109 1004 Current date / time: 2012/01/05 18:47:23.0109
18:47:23.0109 1004 SystemInfo:
18:47:23.0109 1004
18:47:23.0109 1004 OS Version: 6.0.6002 ServicePack: 2.0
18:47:23.0109 1004 Product type: Workstation
18:47:23.0109 1004 ComputerName: TERRY-PC
18:47:23.0109 1004 UserName: Terry
18:47:23.0109 1004 Windows directory: C:\Windows
18:47:23.0109 1004 System windows directory: C:\Windows
18:47:23.0109 1004 Processor architecture: Intel x86
18:47:23.0109 1004 Number of processors: 2
18:47:23.0109 1004 Page size: 0x1000
18:47:23.0109 1004 Boot type: Safe boot with network
18:47:23.0109 1004 ============================================================
18:47:23.0623 1004 Initialize success
18:47:27.0976 1232 ============================================================
18:47:27.0976 1232 Scan started
18:47:27.0976 1232 Mode: Manual;
18:47:27.0976 1232 ============================================================
18:47:28.0647 1232 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:47:28.0647 1232 ACPI - ok
18:47:28.0709 1232 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:47:28.0709 1232 adp94xx - ok
18:47:28.0756 1232 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:47:28.0756 1232 adpahci - ok
18:47:28.0787 1232 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:47:28.0787 1232 adpu160m - ok
18:47:28.0834 1232 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:47:28.0834 1232 adpu320 - ok
18:47:28.0865 1232 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
18:47:28.0865 1232 Afc - ok
18:47:28.0912 1232 AFD (83120416e8e33547c3d2f8872cbfc4ae) C:\Windows\system32\drivers\afd.sys
18:47:28.0927 1232 AFD - ok
18:47:28.0943 1232 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:47:28.0943 1232 agp440 - ok
18:47:28.0974 1232 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:47:28.0974 1232 aic78xx - ok
18:47:29.0005 1232 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:47:29.0005 1232 aliide - ok
18:47:29.0037 1232 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:47:29.0037 1232 amdagp - ok
18:47:29.0068 1232 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:47:29.0068 1232 amdide - ok
18:47:29.0083 1232 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:47:29.0083 1232 AmdK7 - ok
18:47:29.0099 1232 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:47:29.0099 1232 AmdK8 - ok
18:47:29.0146 1232 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:47:29.0161 1232 arc - ok
18:47:29.0177 1232 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:47:29.0177 1232 arcsas - ok
18:47:29.0208 1232 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:47:29.0208 1232 AsyncMac - ok
18:47:29.0239 1232 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:47:29.0239 1232 atapi - ok
18:47:29.0255 1232 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:47:29.0255 1232 Beep - ok
18:47:29.0286 1232 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:47:29.0286 1232 blbdrive - ok
18:47:29.0349 1232 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:47:29.0349 1232 bowser - ok
18:47:29.0380 1232 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:47:29.0380 1232 BrFiltLo - ok
18:47:29.0427 1232 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:47:29.0427 1232 BrFiltUp - ok
18:47:29.0458 1232 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:47:29.0458 1232 Brserid - ok
18:47:29.0505 1232 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:47:29.0505 1232 BrSerWdm - ok
18:47:29.0536 1232 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:47:29.0536 1232 BrUsbMdm - ok
18:47:29.0567 1232 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:47:29.0567 1232 BrUsbSer - ok
18:47:29.0598 1232 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:47:29.0598 1232 BTHMODEM - ok
18:47:29.0692 1232 catchme - ok
18:47:29.0770 1232 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:47:29.0770 1232 cdfs - ok
18:47:29.0801 1232 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:47:29.0801 1232 cdrom - ok
18:47:29.0832 1232 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:47:29.0832 1232 circlass - ok
18:47:29.0879 1232 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:47:29.0879 1232 CLFS - ok
18:47:29.0910 1232 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:47:29.0910 1232 cmdide - ok
18:47:29.0926 1232 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:47:29.0926 1232 Compbatt - ok
18:47:29.0941 1232 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:47:29.0941 1232 crcdisk - ok
18:47:29.0957 1232 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:47:29.0957 1232 Crusoe - ok
18:47:30.0035 1232 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:47:30.0035 1232 DfsC - ok
18:47:30.0082 1232 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:47:30.0082 1232 disk - ok
18:47:30.0144 1232 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:47:30.0144 1232 Dot4 - ok
18:47:30.0160 1232 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:47:30.0160 1232 Dot4Print - ok
18:47:30.0175 1232 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:47:30.0175 1232 dot4usb - ok
18:47:30.0207 1232 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:47:30.0207 1232 drmkaud - ok
18:47:30.0269 1232 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:47:30.0269 1232 DXGKrnl - ok
18:47:30.0316 1232 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:47:30.0316 1232 E1G60 - ok
18:47:30.0347 1232 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:47:30.0347 1232 Ecache - ok
18:47:30.0409 1232 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:47:30.0409 1232 elxstor - ok
18:47:30.0425 1232 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:47:30.0425 1232 ErrDev - ok
18:47:30.0487 1232 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:47:30.0487 1232 exfat - ok
18:47:30.0534 1232 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:47:30.0534 1232 fastfat - ok
18:47:30.0550 1232 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:47:30.0550 1232 fdc - ok
18:47:30.0581 1232 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:47:30.0581 1232 FileInfo - ok
18:47:30.0597 1232 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:47:30.0597 1232 Filetrace - ok
18:47:30.0628 1232 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:47:30.0628 1232 flpydisk - ok
18:47:30.0659 1232 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:47:30.0659 1232 FltMgr - ok
18:47:30.0690 1232 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:47:30.0690 1232 Fs_Rec - ok
18:47:30.0706 1232 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:47:30.0706 1232 gagp30kx - ok
18:47:30.0753 1232 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:47:30.0753 1232 HDAudBus - ok
18:47:30.0784 1232 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:47:30.0784 1232 HidBth - ok
18:47:30.0815 1232 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:47:30.0815 1232 HidIr - ok
18:47:30.0846 1232 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:47:30.0862 1232 HidUsb - ok
18:47:30.0909 1232 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:47:30.0909 1232 HpCISSs - ok
18:47:30.0971 1232 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
18:47:30.0987 1232 HSF_DP - ok
18:47:31.0018 1232 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
18:47:31.0018 1232 HSXHWBS2 - ok
18:47:31.0049 1232 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:47:31.0049 1232 HTTP - ok
18:47:31.0080 1232 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:47:31.0080 1232 i2omp - ok
18:47:31.0096 1232 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:47:31.0096 1232 i8042prt - ok
18:47:31.0127 1232 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:47:31.0127 1232 iaStorV - ok
18:47:31.0158 1232 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:47:31.0158 1232 iirsp - ok
18:47:31.0252 1232 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
18:47:31.0283 1232 IntcAzAudAddService - ok
18:47:31.0299 1232 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:47:31.0299 1232 intelide - ok
18:47:31.0330 1232 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:47:31.0330 1232 intelppm - ok
18:47:31.0377 1232 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:47:31.0377 1232 IpFilterDriver - ok
18:47:31.0392 1232 IpInIp - ok
18:47:31.0423 1232 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:47:31.0423 1232 IPMIDRV - ok
18:47:31.0455 1232 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:47:31.0455 1232 IPNAT - ok
18:47:31.0470 1232 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:47:31.0470 1232 IRENUM - ok
18:47:31.0501 1232 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:47:31.0501 1232 isapnp - ok
18:47:31.0533 1232 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:47:31.0533 1232 iScsiPrt - ok
18:47:31.0548 1232 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:47:31.0548 1232 iteatapi - ok
18:47:31.0564 1232 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:47:31.0564 1232 iteraid - ok
18:47:31.0595 1232 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:47:31.0595 1232 kbdclass - ok
18:47:31.0626 1232 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:47:31.0626 1232 kbdhid - ok
18:47:31.0657 1232 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:47:31.0657 1232 KSecDD - ok
18:47:31.0704 1232 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:47:31.0704 1232 lltdio - ok
18:47:31.0767 1232 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:47:31.0767 1232 LMIInfo - ok
18:47:31.0798 1232 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
18:47:31.0798 1232 lmimirr - ok
18:47:31.0813 1232 LMIRfsClientNP - ok
18:47:31.0829 1232 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
18:47:31.0829 1232 LMIRfsDriver - ok
18:47:31.0876 1232 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:47:31.0876 1232 LSI_FC - ok
18:47:31.0907 1232 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:47:31.0907 1232 LSI_SAS - ok
18:47:31.0923 1232 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:47:31.0923 1232 LSI_SCSI - ok
18:47:31.0954 1232 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:47:31.0954 1232 luafv - ok
18:47:31.0969 1232 MCSTRM - ok
18:47:32.0016 1232 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:47:32.0016 1232 mdmxsdk - ok
18:47:32.0032 1232 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:47:32.0032 1232 megasas - ok
18:47:32.0063 1232 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:47:32.0063 1232 MegaSR - ok
18:47:32.0094 1232 mfeavfk (64b96de8c492bd435372d9130a535f1d) C:\Windows\system32\drivers\mfeavfk.sys
18:47:32.0094 1232 mfeavfk - ok
18:47:32.0110 1232 mfebopk (078e87a89d36cc3516f19d5fb518bddc) C:\Windows\system32\drivers\mfebopk.sys
18:47:32.0110 1232 mfebopk - ok
18:47:32.0157 1232 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\Windows\system32\drivers\mfehidk.sys
18:47:32.0157 1232 mfehidk - ok
18:47:32.0188 1232 mferkdk (f7488fabf1dc4ced93be36907ebc4749) C:\Windows\system32\drivers\mferkdk.sys
18:47:32.0188 1232 mferkdk - ok
18:47:32.0203 1232 mfesmfk (63dd7b6d8a31dce0298e86de3873d013) C:\Windows\system32\drivers\mfesmfk.sys
18:47:32.0203 1232 mfesmfk - ok
18:47:32.0250 1232 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:47:32.0250 1232 Modem - ok
18:47:32.0281 1232 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:47:32.0281 1232 monitor - ok
18:47:32.0297 1232 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:47:32.0297 1232 mouclass - ok
18:47:32.0344 1232 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:47:32.0344 1232 mouhid - ok
18:47:32.0359 1232 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:47:32.0359 1232 MountMgr - ok
18:47:32.0391 1232 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:47:32.0391 1232 mpio - ok
18:47:32.0406 1232 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:47:32.0406 1232 mpsdrv - ok
18:47:32.0437 1232 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:47:32.0437 1232 Mraid35x - ok
18:47:32.0453 1232 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:47:32.0453 1232 MRxDAV - ok
18:47:32.0515 1232 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:47:32.0515 1232 mrxsmb - ok
18:47:32.0562 1232 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:47:32.0562 1232 mrxsmb10 - ok
18:47:32.0625 1232 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:47:32.0625 1232 mrxsmb20 - ok
18:47:32.0640 1232 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:47:32.0640 1232 msahci - ok
18:47:32.0671 1232 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:47:32.0671 1232 msdsm - ok
18:47:32.0718 1232 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:47:32.0718 1232 Msfs - ok
18:47:32.0718 1232 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:47:32.0718 1232 msisadrv - ok
18:47:32.0781 1232 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:47:32.0781 1232 MSKSSRV - ok
18:47:32.0827 1232 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:47:32.0827 1232 MSPCLOCK - ok
18:47:32.0859 1232 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:47:32.0859 1232 MSPQM - ok
18:47:32.0890 1232 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:47:32.0890 1232 MsRPC - ok
18:47:32.0905 1232 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:47:32.0905 1232 mssmbios - ok
18:47:32.0937 1232 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:47:32.0937 1232 MSTEE - ok
18:47:32.0968 1232 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:47:32.0968 1232 Mup - ok
18:47:32.0999 1232 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:47:32.0999 1232 NativeWifiP - ok
18:47:33.0046 1232 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:47:33.0046 1232 NDIS - ok
18:47:33.0077 1232 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:47:33.0077 1232 NdisTapi - ok
18:47:33.0093 1232 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:47:33.0108 1232 Ndisuio - ok
18:47:33.0139 1232 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:47:33.0139 1232 NdisWan - ok
18:47:33.0155 1232 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:47:33.0155 1232 NDProxy - ok
18:47:33.0186 1232 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:47:33.0186 1232 NetBIOS - ok
18:47:33.0202 1232 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:47:33.0202 1232 netbt - ok
18:47:33.0233 1232 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:47:33.0233 1232 nfrd960 - ok
18:47:33.0264 1232 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:47:33.0264 1232 Npfs - ok
18:47:33.0280 1232 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:47:33.0280 1232 nsiproxy - ok
18:47:33.0342 1232 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:47:33.0358 1232 Ntfs - ok
18:47:33.0373 1232 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:47:33.0389 1232 ntrigdigi - ok
18:47:33.0405 1232 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:47:33.0405 1232 Null - ok
18:47:33.0451 1232 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:47:33.0467 1232 NVENETFD - ok
18:47:33.0654 1232 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:47:33.0795 1232 nvlddmkm - ok
18:47:33.0826 1232 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:47:33.0826 1232 nvraid - ok
18:47:33.0841 1232 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
18:47:33.0841 1232 nvsmu - ok
18:47:33.0873 1232 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:47:33.0873 1232 nvstor - ok
18:47:33.0888 1232 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:47:33.0904 1232 nv_agp - ok
18:47:33.0904 1232 NwlnkFlt - ok
18:47:33.0919 1232 NwlnkFwd - ok
18:47:33.0966 1232 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:47:33.0966 1232 ohci1394 - ok
18:47:34.0029 1232 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:47:34.0029 1232 Parport - ok
18:47:34.0060 1232 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:47:34.0060 1232 partmgr - ok
18:47:34.0091 1232 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:47:34.0091 1232 Parvdm - ok
18:47:34.0138 1232 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:47:34.0138 1232 pci - ok
18:47:34.0153 1232 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:47:34.0153 1232 pciide - ok
18:47:34.0185 1232 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:47:34.0185 1232 pcmcia - ok
18:47:34.0247 1232 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:47:34.0263 1232 PEAUTH - ok
18:47:34.0325 1232 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:47:34.0325 1232 PptpMiniport - ok
18:47:34.0356 1232 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:47:34.0356 1232 Processor - ok
18:47:34.0387 1232 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
18:47:34.0403 1232 Ps2 - ok
18:47:34.0419 1232 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:47:34.0419 1232 PSched - ok
18:47:34.0465 1232 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:47:34.0481 1232 ql2300 - ok
18:47:34.0528 1232 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:47:34.0528 1232 ql40xx - ok
18:47:34.0543 1232 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:47:34.0543 1232 QWAVEdrv - ok
18:47:34.0559 1232 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:47:34.0559 1232 RasAcd - ok
18:47:34.0575 1232 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:47:34.0590 1232 Rasl2tp - ok
18:47:34.0621 1232 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:47:34.0621 1232 RasPppoe - ok
18:47:34.0637 1232 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:47:34.0637 1232 RasSstp - ok
18:47:34.0668 1232 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:47:34.0668 1232 rdbss - ok
18:47:34.0684 1232 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:47:34.0684 1232 RDPCDD - ok
18:47:34.0731 1232 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:47:34.0731 1232 rdpdr - ok
18:47:34.0746 1232 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:47:34.0746 1232 RDPENCDD - ok
18:47:34.0777 1232 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:47:34.0793 1232 RDPWD - ok
18:47:34.0840 1232 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:47:34.0840 1232 rspndr - ok
18:47:34.0871 1232 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:47:34.0871 1232 sbp2port - ok
18:47:34.0918 1232 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:47:34.0918 1232 secdrv - ok
18:47:34.0933 1232 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:47:34.0933 1232 Serenum - ok
18:47:34.0965 1232 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:47:34.0965 1232 Serial - ok
18:47:34.0980 1232 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:47:34.0980 1232 sermouse - ok
18:47:35.0011 1232 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:47:35.0011 1232 sffdisk - ok
18:47:35.0043 1232 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:47:35.0043 1232 sffp_mmc - ok
18:47:35.0058 1232 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:47:35.0058 1232 sffp_sd - ok
18:47:35.0089 1232 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:47:35.0089 1232 sfloppy - ok
18:47:35.0136 1232 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:47:35.0136 1232 sisagp - ok
18:47:35.0183 1232 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:47:35.0183 1232 SiSRaid2 - ok
18:47:35.0199 1232 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:47:35.0199 1232 SiSRaid4 - ok
18:47:35.0245 1232 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:47:35.0245 1232 Smb - ok
18:47:35.0277 1232 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:47:35.0277 1232 spldr - ok
18:47:35.0323 1232 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:47:35.0339 1232 srv - ok
18:47:35.0370 1232 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:47:35.0370 1232 srv2 - ok
18:47:35.0417 1232 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:47:35.0417 1232 srvnet - ok
18:47:35.0448 1232 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:47:35.0448 1232 swenum - ok
18:47:35.0479 1232 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:47:35.0479 1232 Symc8xx - ok
18:47:35.0495 1232 SymIMMP - ok
18:47:35.0511 1232 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:47:35.0526 1232 Sym_hi - ok
18:47:35.0542 1232 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:47:35.0542 1232 Sym_u3 - ok
18:47:35.0651 1232 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:47:35.0651 1232 Tcpip - ok
18:47:35.0713 1232 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:47:35.0713 1232 Tcpip6 - ok
18:47:35.0745 1232 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:47:35.0745 1232 tcpipreg - ok
18:47:37.0227 1232 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
18:47:37.0258 1232 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
18:47:37.0258 1232 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:47:37.0258 1232 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR6
18:47:44.0637 1232 \Device\Harddisk1\DR6 - ok
18:47:44.0637 1232 Boot (0x1200) (2b4af9c6e20ad6598e8be13d5b63e962) \Device\Harddisk0\DR0\Partition0
18:47:44.0637 1232 \Device\Harddisk0\DR0\Partition0 - ok
18:47:44.0668 1232 Boot (0x1200) (9db965fd11b825f90b13ffe1609d6e33) \Device\Harddisk0\DR0\Partition1
18:47:44.0668 1232 \Device\Harddisk0\DR0\Partition1 - ok
18:47:44.0668 1232 Boot (0x1200) (ccffa5e22f5512086c3aa2f24798ace5) \Device\Harddisk1\DR6\Partition0
18:47:44.0668 1232 \Device\Harddisk1\DR6\Partition0 - ok
18:47:44.0683 1232 ============================================================
18:47:44.0683 1232 Scan finished
18:47:44.0683 1232 ============================================================
18:47:44.0683 1104 Detected object count: 1
18:47:44.0683 1104 Actual detected object count: 1
18:48:19.0362 1104 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
18:48:19.0362 1104 \Device\Harddisk0\DR0 - ok
18:48:19.0362 1104 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
18:48:22.0950 0924 Deinitialize success

#8 Budapest

Posted 05 January 2012 - 07:05 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 computech1967


Posted 05 January 2012 - 07:10 PM

Thanks! Will do. I noticed many of the services are disabled.

#10 computech1967


Posted 05 January 2012 - 07:13 PM

FSS LOG FOLLOWS:
Farbar Service Scanner
Ran by Terry (administrator) on 05-01-2012 at 19:11:00
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-09-12 20:18] - [2011-04-21 08:58] - 0273408 ____A () 83120416E8E33547C3D2F8872CBFC4AE

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-11-12 20:46] - [2009-04-11 01:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-11-12 20:44] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-11-12 20:44] - [2009-04-11 01:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-11-12 20:44] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
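To re-check those findings directly on the affected machine (an added example, not code from the thread or from Farbar's tool), the script below reads each service's Start, ImagePath and Parameters\ServiceDll values from the registry and compares the start type against the defaults the FSS log names. Treating MpsSvc and BFE as Auto by default is an assumption, since the log could not state a default for keys that no longer exist.

```powershell
# Added example (not from the thread or from Farbar's tool): re-check, straight
# from the registry, the service settings the FSS log above reports.
# Run in an elevated PowerShell on the affected machine. Expected start types are
# the defaults the FSS log itself names; Auto for MpsSvc and BFE is an assumption
# (their keys were missing, so the log could not state a default for them).
$expected = [ordered]@{
    Dnscache    = 2   # Start value: 2 = Auto, 3 = Manual, 4 = Disabled
    Dhcp        = 2
    nsi         = 2
    MpsSvc      = 2   # assumption: Windows Firewall service defaults to Auto
    BFE         = 2   # assumption: Base Filtering Engine defaults to Auto
    SDRSVC      = 3   # log: "The default start type is 3" (Manual)
    EventSystem = 2
}
$startName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($name in $expected.Keys) {
    $key = Join-Path $root $name
    if (-not (Test-Path $key)) {
        # The tampering the FSS log shows for MpsSvc and bfe: the whole service key is gone
        [pscustomobject]@{ Service = $name; Finding = 'service key missing'; Detail = $key }
        continue
    }
    $props = Get-ItemProperty -Path $key
    $start = [int]$props.Start
    if ($start -ne $expected[$name]) {
        # The tampering the log shows for Dnscache, Dhcp, Nsi, SDRSVC and EventSystem
        [pscustomobject]@{ Service = $name; Finding = 'start type changed'
                           Detail  = "$($startName[$start]) (default $($startName[$expected[$name]]))" }
    }
    if (-not $props.ImagePath) {
        [pscustomobject]@{ Service = $name; Finding = 'ImagePath missing'; Detail = '' }
    }
    $dll = (Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) {
        [pscustomobject]@{ Service = $name; Finding = 'ServiceDll missing'; Detail = '' }
    }
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        [pscustomobject]@{ Service = $name; Finding = 'not running'; Detail = $svc.Status }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'All listed services match their defaults.' }
```

A clean result means little while the rootkit is still active, since it can re-disable the services; re-run the check after cleanup and a reboot.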

#11 Budapest


Posted 05 January 2012 - 07:16 PM

Can you please update MBAM, run a quick scan and then post the log.

#12 computech1967


Posted 05 January 2012 - 07:17 PM

Update MBAM? I tried that, but I guess because there is no internet it gives me an error when trying to update. Do I need to manually upload defs?

#13 Budapest


Posted 05 January 2012 - 07:21 PM

Sorry about that, I forgot you won't be able to update.

You can update manually from here:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_Database_d6025.html

Just double-click on mbam-rules.exe to install.

#14 computech1967


Posted 05 January 2012 - 07:38 PM

When manually adding those defs and then opening MBAM it says database is missing or corrupt. I tried with new installation multiple times but no luck. So, I downloaded the latest MBAM that had 12-24-2011 defs and did a scan. Found no threats.

#15 computech1967


Posted 05 January 2012 - 07:40 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Terry :: TERRY-PC [administrator]

1/5/2012 7:36:26 PM
mbam-log-2012-01-05 (19-36-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177493
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)