Can't tell if I am still infected


  • This topic is locked
11 replies to this topic

#1 Bluecoco

Posted 05 January 2012 - 09:02 PM

Hello, I'm new and was not sure if I post my issue here.

My computer was infected with some malware, so I used Malwarebytes in safe mode, which removed a lot of malware. But when I started my computer back up, something called System Fix started, and I restarted in safe mode with networking and used a search to find out how to remove it. I found the removal guide here, and during the rkill download, System Fix started while I was in safe mode. I finally got rkill to run before it could and then used Malwarebytes, which found and removed it. I then started up normally and used Unhide.exe, but noticed that when I searched for sites I was being redirected. Not only that, now I can't seem to get Windows Firewall to work. It says Error code: 0x8007042c. My restore points are missing, and not everything is back, like my desktop background. Plus the System Fix icon is still on the desktop.

I am way over my head, sorry for the life story.



#2 boopme


Posted 09 January 2012 - 07:56 PM

Hello and welcome. Please do this next.
Did you install MBAM in Safe Mode?
Is this XP or another?

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.
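Once the report described above has been saved, its per-driver verdicts can be checked mechanically instead of by eye. The following is an added example, not part of the original post and not Kaspersky's code. It assumes each scanned driver is logged as an entry line (name, MD5 in parentheses, path) followed by a verdict line (`name - ok`); the driver names, hashes and the non-ok verdict text in the sample are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample. The three header lines follow the report layout; the
# driver names, MD5 values and the last verdict text are made up.
SAMPLE_LOG = r"""18:09:23.0974 5332 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:09:24.0941 5332 OS Version: 6.1.7600 ServicePack: 0.0
18:09:24.0941 5332 Boot type: Normal boot
18:09:38.0248 3548 Scan started
18:09:43.0427 3548 exampledrv1 (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exampledrv1.sys
18:09:43.0427 3548 exampledrv1 - ok
18:09:43.0505 3548 exampledrv2 (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\exampledrv2.sys
18:09:43.0536 3548 exampledrv3 (00000000000000000000000000000003) C:\Windows\system32\drivers\exampledrv3.sys
18:09:43.0536 3548 exampledrv3 - constructed-non-ok-verdict
"""

# Every line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
HEADER = re.compile(
    PREFIX + r"(?P<key>OS Version|Boot type|Processor architecture): (?P<value>.+)$"
)
ENTRY = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(PREFIX + r"(?P<name>\S+) - (?P<verdict>.+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None: no verdict line followed the entry


def parse_log(text):
    """Return (system_info, drivers) from the text of a report."""
    system, drivers, pending = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if (m := HEADER.match(line)):
            system[m["key"]] = m["value"]
        elif (m := ENTRY.match(line)):
            if pending:  # previous entry never received a verdict line
                drivers.append(pending)
            pending = Driver(m["name"], m["md5"].lower(), m["path"])
        elif (m := VERDICT.match(line)) and pending and m["name"] == pending.name:
            pending.verdict = m["verdict"].strip()
            drivers.append(pending)
            pending = None
    if pending:  # log was cut off after an entry line
        drivers.append(pending)
    return system, drivers


def needs_review(drivers):
    """Drivers whose verdict is anything other than 'ok', or is missing."""
    return [d for d in drivers if d.verdict != "ok"]


if __name__ == "__main__":
    system, drivers = parse_log(SAMPLE_LOG)
    print("Boot type:", system.get("Boot type"))
    print("Drivers scanned:", len(drivers))
    for d in needs_review(drivers):
        print("REVIEW:", d.name, d.md5, d.path, "->", d.verdict or "no verdict logged")
```

A missing verdict is reported as well, because a report pasted into a forum post can be truncated partway through the driver list.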

#3 Bluecoco


Posted 09 January 2012 - 09:15 PM

Thank you for responding!
Yes I installed MBAM in safe mode. The computer is a Windows 7.

Here is the report:
18:09:23.0974 5332 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:09:24.0941 5332 ============================================================
18:09:24.0941 5332 Current date / time: 2012/01/09 18:09:24.0941
18:09:24.0941 5332 SystemInfo:
18:09:24.0941 5332
18:09:24.0941 5332 OS Version: 6.1.7600 ServicePack: 0.0
18:09:24.0941 5332 Product type: Workstation
18:09:24.0941 5332 ComputerName: ERIN-PC
18:09:24.0941 5332 UserName: Rizu
18:09:24.0941 5332 Windows directory: C:\Windows
18:09:24.0941 5332 System windows directory: C:\Windows
18:09:24.0941 5332 Running under WOW64
18:09:24.0941 5332 Processor architecture: Intel x64
18:09:24.0941 5332 Number of processors: 2
18:09:24.0941 5332 Page size: 0x1000
18:09:24.0941 5332 Boot type: Normal boot
18:09:24.0941 5332 ============================================================
18:09:28.0825 5332 Initialize success
18:09:38.0248 3548 ============================================================
18:09:38.0248 3548 Scan started
18:09:38.0248 3548 Mode: Manual;
18:09:38.0248 3548 ============================================================
18:10:15.0235 3548 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:10:15.0235 3548 usbscan - ok
18:10:15.0282 3548 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:10:15.0298 3548 USBSTOR - ok
18:10:15.0329 3548 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:10:15.0329 3548 usbuhci - ok
18:10:15.0438 3548 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:10:15.0438 3548 usbvideo - ok
18:10:15.0594 3548 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
18:10:15.0594 3548 usb_rndisx - ok
18:10:15.0688 3548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:10:15.0688 3548 vdrvroot - ok
18:10:15.0735 3548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:10:15.0735 3548 vga - ok
18:10:15.0766 3548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:10:15.0766 3548 VgaSave - ok
18:10:15.0813 3548 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:10:15.0813 3548 vhdmp - ok
18:10:15.0859 3548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:10:15.0859 3548 viaide - ok
18:10:15.0891 3548 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:10:15.0906 3548 volmgr - ok
18:10:15.0953 3548 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:10:15.0969 3548 volmgrx - ok
18:10:16.0000 3548 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:10:16.0000 3548 volsnap - ok
18:10:16.0062 3548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:10:16.0078 3548 vsmraid - ok
18:10:16.0125 3548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:10:16.0125 3548 vwifibus - ok
18:10:16.0187 3548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:10:16.0187 3548 vwififlt - ok
18:10:16.0281 3548 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:10:16.0281 3548 vwifimp - ok
18:10:16.0312 3548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:10:16.0312 3548 WacomPen - ok
18:10:16.0405 3548 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:10:16.0405 3548 WANARP - ok
18:10:16.0421 3548 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:10:16.0437 3548 Wanarpv6 - ok
18:10:16.0546 3548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:10:16.0546 3548 Wd - ok
18:10:16.0593 3548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:10:16.0608 3548 Wdf01000 - ok
18:10:16.0717 3548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:10:16.0733 3548 WfpLwf - ok
18:10:16.0795 3548 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:10:16.0811 3548 WimFltr - ok
18:10:16.0842 3548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:10:16.0842 3548 WIMMount - ok
18:10:16.0983 3548 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:10:16.0983 3548 WinUsb - ok
18:10:17.0014 3548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:10:17.0029 3548 WmiAcpi - ok
18:10:17.0092 3548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:10:17.0107 3548 ws2ifsl - ok
18:10:17.0139 3548 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:10:17.0154 3548 WudfPf - ok
18:10:17.0232 3548 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:10:17.0232 3548 WUDFRd - ok
18:10:17.0341 3548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:10:17.0419 3548 \Device\Harddisk0\DR0 - ok
18:10:17.0419 3548 Boot (0x1200) (d7378bf694d12b3be92b25933efd13fa) \Device\Harddisk0\DR0\Partition0
18:10:17.0419 3548 \Device\Harddisk0\DR0\Partition0 - ok
18:10:17.0451 3548 Boot (0x1200) (d67adc0b2e566bf8f52b4ab7a2cf5dea) \Device\Harddisk0\DR0\Partition1
18:10:17.0451 3548 \Device\Harddisk0\DR0\Partition1 - ok
18:10:17.0451 3548 ============================================================
18:10:17.0451 3548 Scan finished
18:10:17.0451 3548 ============================================================
18:10:17.0466 3040 Detected object count: 0
18:10:17.0466 3040 Actual detected object count: 0
18:11:12.0176 5444 Deinitialize success

#4 boopme

Posted 09 January 2012 - 09:36 PM

Run these next
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Bluecoco

Posted 09 January 2012 - 10:14 PM

Alright, here is FSS:
Farbar Service Scanner
Ran by Rizu (administrator) on 09-01-2012 at 18:40:01
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 16:09] - [2009-07-13 17:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 16:09] - [2009-07-13 17:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 15:36] - [2009-07-13 17:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 15:39] - [2009-07-13 17:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 20:51] - [2010-12-20 22:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 16:36] - [2009-07-13 17:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 15:46] - [2009-07-13 17:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 15:49] - [2009-07-13 17:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 Bluecoco

Posted 09 January 2012 - 10:17 PM

And here is the aswMBR:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 19:09:08
-----------------------------
19:09:08.640 OS Version: Windows x64 6.1.7600
19:09:08.640 Number of processors: 2 586 0x170A
19:09:08.640 ComputerName: ERIN-PC UserName: Rizu
19:09:11.448 Initialize success
19:09:18.561 AVAST engine defs: 12010901
19:09:24.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:09:24.427 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
19:09:24.489 Disk 0 MBR read successfully
19:09:24.505 Disk 0 MBR scan
19:09:24.505 Disk 0 Windows VISTA default MBR code
19:09:24.505 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:09:24.567 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
19:09:24.599 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
19:09:24.614 Service scanning
19:09:33.147 Modules scanning
19:09:33.147 Disk 0 trace - called modules:
19:09:33.194 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:09:33.194 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fb4340]
19:09:33.210 3 CLASSPNP.SYS[fffff880016bd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ea2060]
19:09:35.487 AVAST engine scan C:\Windows
19:09:41.712 AVAST engine scan C:\Windows\system32
19:10:01.071 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
19:12:23.989 AVAST engine scan C:\Windows\system32\drivers
19:12:38.435 AVAST engine scan C:\Users\Rizu
19:12:55.330 Disk 0 MBR has been saved successfully to "C:\Users\Rizu\Desktop\MBR.dat"
19:12:55.345 The log file has been saved successfully to "C:\Users\Rizu\Desktop\aswMBR.txt"


I don't know if it finished but I had to run this one three times. First time, the screen turned blue and said Windows ran into an error and I couldn't read the rest but it restarted. And then it did it the second time. Nothing happened the third, so I presumed it finished.

#7 Bluecoco

Posted 11 January 2012 - 01:36 AM

It was that bad? :mellow:

#8 boopme

Posted 11 January 2012 - 10:32 AM

Well, it will require some stronger tools than we allow running in this forum.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and include the aswMBR log you posted earlier.
Let me know if that went well.

#9 Bluecoco

Posted 11 January 2012 - 09:07 PM

The defogger didn't ask for a restart and the computer started acting weird while the DDS was running but it made the logs. I do have a question about how to describe what is wrong, should I just make a link to this thread in the new topic?

#10 boopme

Posted 11 January 2012 - 09:57 PM

Just copy this link
http://www.bleepingcomputer.com/forums/topic436503.html/page__pid__2549745#entry2549745

Use this as your title
Win64:Sirefef-C

You can reuse this..
My computer was infected with some malware, so I used Malwarebytes in safe mode, which removed a lot of malware. But when I started my computer back up, something called System Fix started and I restarted in safe mode with networking and used a search to find out how to remove it. I found the removal guide here and during the rkill download, System Fix started while I was in safe mode. I finally got rkill to run before it could and then used Malwarebytes, which found and removed it. I then started up normally and used Unhide.exe but noticed that when I searched for sites I was being redirected. Not only that, now I can't seem to get Windows Firewall to work. It says Error code: 0x8007042c, my restore points are missing and not everything is back, like my desktop background. Plus the System Fix icon is still on the desktop.

I am way over my head, sorry for the life story.

#11 Bluecoco

Posted 11 January 2012 - 10:21 PM

Thank You! :)

#12 boopme

Posted 11 January 2012 - 11:23 PM

You're welcome,

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.


The current wait time is 1 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.

Edited by boopme, 11 January 2012 - 11:24 PM.
