
Windows 7 won't boot after trojan removal


5 replies to this topic

#1 kara5508


  • Members
  • 4 posts

Posted 27 January 2012 - 11:21 AM

My computer has a trojan that is a DNS redirector, and when Avast removes it, Windows does not load anymore. When I run the startup repair, it tells me it is too corrupt and my only option is to restore, which I then restore to before I removed the antivirus. I have tried several ways; I have removed it in safe mode, with the same results. Any ideas on how to remove the virus without it trashing my system files? I don't have a Windows install disk on hand. Thank you :)


#2 narenxp


  • BC Advisor
  • 16,371 posts

Posted 27 January 2012 - 12:05 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report.



Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Edited by narenxp, 27 January 2012 - 12:05 PM.


#3 kara5508

  • Topic Starter

  • Members
  • 4 posts

Posted 27 January 2012 - 12:24 PM

TDS report:

12:14:53.0284 3128 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:14:53.0684 3128 ============================================================
12:14:53.0684 3128 Current date / time: 2012/01/27 12:14:53.0684
12:14:53.0684 3128 SystemInfo:
12:14:53.0684 3128
12:14:53.0684 3128 OS Version: 6.1.7601 ServicePack: 1.0
12:14:53.0684 3128 Product type: Workstation
12:14:53.0684 3128 ComputerName: SHAWN-HP
12:14:53.0685 3128 UserName: shawn
12:14:53.0685 3128 Windows directory: C:\Windows
12:14:53.0685 3128 System windows directory: C:\Windows
12:14:53.0685 3128 Running under WOW64
12:14:53.0685 3128 Processor architecture: Intel x64
12:14:53.0685 3128 Number of processors: 4
12:14:53.0685 3128 Page size: 0x1000
12:14:53.0685 3128 Boot type: Normal boot
12:14:53.0685 3128 ============================================================
12:14:54.0578 3128 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:14:54.0680 3128 Initialize success
12:15:10.0077 0628 ============================================================
12:15:10.0077 0628 Scan started
12:15:10.0077 0628 Mode: Manual; TDLFS;
12:15:10.0077 0628 ============================================================
12:15:17.0250 0628 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:15:17.0254 0628 usbhub - ok
12:15:17.0277 0628 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:15:17.0279 0628 usbohci - ok
12:15:17.0299 0628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:15:17.0300 0628 usbprint - ok
12:15:17.0317 0628 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:15:17.0318 0628 usbscan - ok
12:15:17.0341 0628 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:15:17.0343 0628 USBSTOR - ok
12:15:17.0355 0628 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:15:17.0357 0628 usbuhci - ok
12:15:17.0383 0628 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:15:17.0385 0628 usbvideo - ok
12:15:17.0399 0628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:15:17.0400 0628 vdrvroot - ok
12:15:17.0417 0628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:15:17.0423 0628 vga - ok
12:15:17.0455 0628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:15:17.0456 0628 VgaSave - ok
12:15:17.0485 0628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:15:17.0488 0628 vhdmp - ok
12:15:17.0503 0628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:15:17.0505 0628 viaide - ok
12:15:17.0519 0628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:15:17.0520 0628 volmgr - ok
12:15:17.0545 0628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:15:17.0549 0628 volmgrx - ok
12:15:17.0569 0628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:15:17.0573 0628 volsnap - ok
12:15:17.0588 0628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:15:17.0590 0628 vsmraid - ok
12:15:17.0607 0628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:15:17.0609 0628 vwifibus - ok
12:15:17.0624 0628 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:15:17.0626 0628 vwififlt - ok
12:15:17.0648 0628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:15:17.0650 0628 WacomPen - ok
12:15:17.0682 0628 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:15:17.0684 0628 WANARP - ok
12:15:17.0690 0628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:15:17.0691 0628 Wanarpv6 - ok
12:15:17.0719 0628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:15:17.0720 0628 Wd - ok
12:15:17.0740 0628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:15:17.0746 0628 Wdf01000 - ok
12:15:17.0773 0628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:15:17.0774 0628 WfpLwf - ok
12:15:17.0788 0628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:15:17.0790 0628 WIMMount - ok
12:15:17.0839 0628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:15:17.0840 0628 WmiAcpi - ok
12:15:17.0855 0628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:15:17.0856 0628 ws2ifsl - ok
12:15:17.0906 0628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:15:17.0909 0628 WudfPf - ok
12:15:17.0928 0628 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:15:17.0933 0628 WUDFRd - ok
12:15:17.0986 0628 MBR (0x1B8) (b6b4ad0da5d0ce8f18dc149ef6ff08f4) \Device\Harddisk0\DR0
12:15:18.0216 0628 \Device\Harddisk0\DR0 - ok
12:15:18.0223 0628 Boot (0x1200) (15c7c6b30c630058bf4382261084ff14) \Device\Harddisk0\DR0\Partition0
12:15:18.0224 0628 \Device\Harddisk0\DR0\Partition0 - ok
12:15:18.0250 0628 Boot (0x1200) (6aab7ace10e0f5d054a65afce209eac9) \Device\Harddisk0\DR0\Partition1
12:15:18.0251 0628 \Device\Harddisk0\DR0\Partition1 - ok
12:15:18.0276 0628 Boot (0x1200) (c429f319c78b78d4ac15d7640515a2a5) \Device\Harddisk0\DR0\Partition2
12:15:18.0277 0628 \Device\Harddisk0\DR0\Partition2 - ok
12:15:18.0278 0628 ============================================================
12:15:18.0278 0628 Scan finished
12:15:18.0278 0628 ============================================================
12:15:18.0289 3908 Detected object count: 0
12:15:18.0289 3908 Actual detected object count: 0

I have a 64 bit computer, so no GMER.

MBR log:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 12:17:07
-----------------------------
12:17:07.855 OS Version: Windows x64 6.1.7601 Service Pack 1
12:17:07.856 Number of processors: 4 586 0xA00
12:17:07.856 ComputerName: SHAWN-HP UserName: shawn
12:17:11.347 Initialize success
12:17:11.402 AVAST engine defs: 12012700
12:17:28.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
12:17:28.946 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
12:17:28.957 Disk 0 MBR read successfully
12:17:28.962 Disk 0 MBR scan
12:17:28.969 Disk 0 unknown MBR code
12:17:28.980 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:17:28.988 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940541 MB offset 206848
12:17:29.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13226 MB offset 1926434816
12:17:29.030 Service scanning
12:17:30.033 Modules scanning
12:17:30.042 Disk 0 trace - called modules:
12:17:30.052 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:17:30.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049fb790]
12:17:30.065 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80044deac0]
12:17:30.069 5 amd_xata.sys[fffff88000dc78b4] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80044d88f0]
12:17:32.637 AVAST engine scan C:\Windows
12:17:35.217 AVAST engine scan C:\Windows\system32
12:17:43.487 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:18:45.009 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:18:46.336 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:19:20.733 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:19:21.625 AVAST engine scan C:\Windows\system32\drivers
12:19:31.307 AVAST engine scan C:\Users\shawn
12:21:21.749 File: C:\Users\shawn\AppData\Local\Temp\fka0.4392817655759622.exe **INFECTED** Win32:Sirefef-KM [Trj]
12:21:50.851 AVAST engine scan C:\ProgramData
12:23:11.117 Scan finished successfully
12:24:02.673 Disk 0 MBR has been saved successfully to "C:\Users\shawn\Desktop\MBR.dat"
12:24:02.677 The log file has been saved successfully to "C:\Users\shawn\Desktop\aswMBR.txt"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 January 2012 - 12:29 PM

12:17:43.487 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:18:45.009 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:18:46.336 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:19:20.733 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]


You're infected by the ZeroAccess rootkit.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
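As an added example (not code from the thread, from Avast, or from aswMBR): a small Python parser for the `**INFECTED**` lines of an aswMBR log like the one posted above. It pulls out the path, the detection name and the bracketed type tag, and groups hits by family, mapping Avast's Sirefef and ZAccess names to ZeroAccess. The sample log below is constructed in the shape of the thread's output.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of aswMBR output (paths mirror the thread's log).
SAMPLE_LOG = r"""
12:17:35.217 AVAST engine scan C:\Windows\system32
12:17:43.487 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:18:45.009 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:19:20.733 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:23:11.117 Scan finished successfully
"""

# One detection line: timestamp, "File:", path, **INFECTED**, detection name, [tag]
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+) \[(?P<tag>[A-Za-z]+)\]$"
)

# Avast's bracketed type tags as they appear in the log (assumed meanings).
TAG_MEANING = {"Rtk": "rootkit component", "Drp": "dropper", "Trj": "trojan"}

# Vendor family names that refer to the same malware (Sirefef is Avast's/Microsoft's
# name for ZeroAccess); anything not listed keeps its own name.
FAMILY_ALIAS = {"Sirefef": "ZeroAccess", "ZAccess": "ZeroAccess"}


def parse_infected(log_text):
    """Return one dict per **INFECTED** line; every other line is ignored."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["kind"] = TAG_MEANING.get(hit["tag"], "unknown")
            hits.append(hit)
    return hits


def families(hits):
    """Group hit paths by raw family: 'Win32:Sirefef-HO' -> 'Sirefef'."""
    grouped = defaultdict(list)
    for hit in hits:
        family = hit["name"].split(":", 1)[-1].rsplit("-", 1)[0]
        grouped[family].append(hit["path"])
    return dict(grouped)


def suspected_malware(hits):
    """Canonical family names found in the log, with vendor aliases collapsed."""
    return {FAMILY_ALIAS.get(f, f) for f in families(hits)}
```

Running `suspected_malware(parse_infected(SAMPLE_LOG))` on the sample yields `{"ZeroAccess"}`, which is the same conclusion the advisor drew from the four quoted lines.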

#5 kara5508

kara5508
  • Topic Starter
  • Members
  • 4 posts

Posted 27 January 2012 - 12:44 PM

Thank you!

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 January 2012 - 01:03 PM

You're welcome



