
Lost Network - Base Filtering Engine


5 replies to this topic

#1 rbensen

Posted 17 February 2012 - 09:28 AM

Not sure how, but I recently lost networking on my Windows 7 PC. I downloaded Farbar Service Scanner, and it's telling me that there may be something wrong with afd.sys. I have attached the Farbar output along with the file search output for afd.sys.

Attached File  FSS1.txt   3.19KB   7 downloads
Attached File  FSS2.txt   2.7KB   7 downloads

Edited by hamluis, 17 February 2012 - 11:03 AM.
Moved from Win 7 to Am I Infected.



#2 narenxp


Posted 17 February 2012 - 09:26 PM

Copy these tools from a clean PC to the infected PC

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).



Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 rbensen


Posted 17 February 2012 - 10:22 PM

21:09:53.0971 3356 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:09:53.0971 3356 ============================================================
21:09:53.0971 3356 Current date / time: 2012/02/17 21:09:53.0971
21:09:53.0971 3356 SystemInfo:
21:09:53.0971 3356
21:09:53.0971 3356 OS Version: 6.1.7601 ServicePack: 1.0
21:09:53.0971 3356 Product type: Workstation
21:09:53.0971 3356 ComputerName: OFFICE-PC
21:09:53.0971 3356 UserName: Ross
21:09:53.0971 3356 Windows directory: C:\Windows
21:09:53.0971 3356 System windows directory: C:\Windows
21:09:53.0971 3356 Running under WOW64
21:09:53.0971 3356 Processor architecture: Intel x64
21:09:53.0971 3356 Number of processors: 4
21:09:53.0971 3356 Page size: 0x1000
21:09:53.0971 3356 Boot type: Normal boot
21:09:53.0971 3356 ============================================================
21:10:01.0958 3356 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:10:01.0974 3356 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:10:01.0990 3356 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:10:02.0005 3356 Drive \Device\Harddisk3\DR3 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:10:10.0164 3356 Drive \Device\Harddisk6\DR7 - Size: 0x1DFFFFE00 (7.50 Gb), SectorSize: 0x200, Cylinders: 0x3D3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:10:10.0164 3356 \Device\Harddisk0\DR0:
21:10:10.0164 3356 MBR used
21:10:10.0164 3356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
21:10:10.0164 3356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x72B7BDB0
21:10:10.0164 3356 \Device\Harddisk1\DR1:
21:10:10.0180 3356 MBR used
21:10:10.0180 3356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38FE4841
21:10:10.0180 3356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x38FE4880, BlocksNum 0x13A0010
21:10:10.0180 3356 \Device\Harddisk2\DR2:
21:10:10.0180 3356 MBR used
21:10:10.0180 3356 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:10:10.0180 3356 \Device\Harddisk3\DR3:
21:10:10.0195 3356 MBR used
21:10:10.0195 3356 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E937C82
21:10:10.0195 3356 \Device\Harddisk6\DR7:
21:10:10.0195 3356 MBR used
21:10:10.0195 3356 \Device\Harddisk6\DR7\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEFFFC0
21:10:10.0320 3356 Initialize success
21:10:10.0320 3356 ============================================================
21:10:37.0792 3780 ============================================================
21:10:37.0792 3780 Scan started
21:10:37.0792 3780 Mode: Manual; TDLFS;
21:10:37.0792 3780 ============================================================
21:10:45.0904 3780 usbcir - ok
21:10:45.0950 3780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:10:45.0950 3780 usbehci - ok
21:10:45.0982 3780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:10:45.0982 3780 usbhub - ok
21:10:45.0997 3780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:10:45.0997 3780 usbohci - ok
21:10:46.0013 3780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:10:46.0013 3780 usbprint - ok
21:10:46.0060 3780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:46.0060 3780 USBSTOR - ok
21:10:46.0091 3780 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:10:46.0091 3780 usbuhci - ok
21:10:46.0122 3780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:10:46.0122 3780 vdrvroot - ok
21:10:46.0138 3780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:46.0138 3780 vga - ok
21:10:46.0169 3780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:10:46.0169 3780 VgaSave - ok
21:10:46.0200 3780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:10:46.0200 3780 vhdmp - ok
21:10:46.0216 3780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:10:46.0216 3780 viaide - ok
21:10:46.0231 3780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:10:46.0231 3780 volmgr - ok
21:10:46.0278 3780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:10:46.0278 3780 volmgrx - ok
21:10:46.0294 3780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:10:46.0309 3780 volsnap - ok
21:10:46.0325 3780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:10:46.0325 3780 vsmraid - ok
21:10:46.0325 3780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:10:46.0325 3780 vwifibus - ok
21:10:46.0356 3780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:10:46.0356 3780 WacomPen - ok
21:10:46.0387 3780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:46.0387 3780 WANARP - ok
21:10:46.0387 3780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:46.0387 3780 Wanarpv6 - ok
21:10:46.0418 3780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:10:46.0434 3780 Wd - ok
21:10:46.0450 3780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:10:46.0465 3780 Wdf01000 - ok
21:10:46.0481 3780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:10:46.0481 3780 WfpLwf - ok
21:10:46.0496 3780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:10:46.0496 3780 WIMMount - ok
21:10:46.0559 3780 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:10:46.0559 3780 WinUsb - ok
21:10:46.0637 3780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:10:46.0637 3780 WmiAcpi - ok
21:10:46.0668 3780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:10:46.0668 3780 ws2ifsl - ok
21:10:46.0715 3780 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:10:46.0715 3780 WSDPrintDevice - ok
21:10:46.0730 3780 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
21:10:46.0730 3780 WSDScan - ok
21:10:46.0762 3780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:10:46.0762 3780 WudfPf - ok
21:10:46.0777 3780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:46.0777 3780 WUDFRd - ok
21:10:46.0808 3780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:10:46.0949 3780 \Device\Harddisk0\DR0 - ok
21:10:46.0964 3780 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk1\DR1
21:10:47.0214 3780 \Device\Harddisk1\DR1 - ok
21:10:47.0214 3780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
21:10:47.0323 3780 \Device\Harddisk2\DR2 - ok
21:10:47.0323 3780 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk3\DR3
21:10:49.0382 3780 \Device\Harddisk3\DR3 - ok
21:10:49.0382 3780 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk6\DR7
21:10:57.0042 3780 \Device\Harddisk6\DR7 - ok
21:10:57.0042 3780 Boot (0x1200) (b57f793d31ccf623b804a8d8d8da0edc) \Device\Harddisk0\DR0\Partition0
21:10:57.0042 3780 \Device\Harddisk0\DR0\Partition0 - ok
21:10:57.0058 3780 Boot (0x1200) (5cd5dba8fe66bbaf410b908ddf2a45f0) \Device\Harddisk0\DR0\Partition1
21:10:57.0058 3780 \Device\Harddisk0\DR0\Partition1 - ok
21:10:57.0089 3780 Boot (0x1200) (2bf9b180a4ed569431c0fd734273e35c) \Device\Harddisk1\DR1\Partition0
21:10:57.0089 3780 \Device\Harddisk1\DR1\Partition0 - ok
21:10:57.0104 3780 Boot (0x1200) (ac0cf20f5ea3ba69a66313443a3527f8) \Device\Harddisk1\DR1\Partition1
21:10:57.0104 3780 \Device\Harddisk1\DR1\Partition1 - ok
21:10:57.0120 3780 Boot (0x1200) (181efc0222b36b24131684e8f807451d) \Device\Harddisk2\DR2\Partition0
21:10:57.0120 3780 \Device\Harddisk2\DR2\Partition0 - ok
21:10:57.0120 3780 Boot (0x1200) (9732636f17fbfc25c60f7c8334d9ad58) \Device\Harddisk3\DR3\Partition0
21:10:57.0120 3780 \Device\Harddisk3\DR3\Partition0 - ok
21:10:57.0120 3780 Boot (0x1200) (da2e4aa599f45f9ff1f8a76bd59bf064) \Device\Harddisk6\DR7\Partition0
21:10:57.0120 3780 \Device\Harddisk6\DR7\Partition0 - ok
21:10:57.0120 3780 ============================================================
21:10:57.0120 3780 Scan finished
21:10:57.0120 3780 ============================================================
21:10:57.0136 2620 Detected object count: 0
21:10:57.0136 2620 Actual detected object count: 0
21:11:11.0769 0692 Deinitialize success

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 21:12:16
-----------------------------
21:12:16.255 OS Version: Windows x64 6.1.7601 Service Pack 1
21:12:16.255 Number of processors: 4 586 0x2502
21:12:16.255 ComputerName: OFFICE-PC UserName: Ross
21:12:18.221 Initialize success
21:12:30.155 AVAST engine download error: 0
21:12:49.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:12:49.670 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:12:49.670 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:12:49.670 Disk 1 Vendor: ST350063 3.CH Size: 476940MB BusType: 3
21:12:49.686 Disk 0 MBR read successfully
21:12:49.686 Disk 0 MBR scan
21:12:49.686 Disk 0 Windows 7 default MBR code
21:12:49.701 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
21:12:49.717 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
21:12:49.717 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939767 MB offset 28878848
21:12:49.717 Service scanning
21:12:50.637 Modules scanning
21:12:50.637 Disk 0 trace - called modules:
21:12:50.637 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:12:50.637 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006421060]
21:12:50.637 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006316050]
21:12:50.653 Scan finished successfully
21:13:34.349 Disk 0 MBR has been saved successfully to "L:\MBR.dat"
21:13:34.770 The log file has been saved successfully to "L:\aswMBR.txt"

#4 narenxp

Posted 18 February 2012 - 07:40 AM

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions (ignore)
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Click on start button and type

cmd, right click - Run as administrator

Run the following commands


netsh i i r r
netsh winsock reset
ipconfig /registerdns
ipconfig /flushdns
ipconfig /release
ipconfig /renew


Press Windows+R key and type

devmgmt.msc and click ok

Expand network adapters

Right click on your network driver - Uninstall

Restart your PC and check your browser

If that doesn't work, open command prompt as administrator and run the command

sfc /scannow

Allow it to finish and post the FSS log

good luck

Edited by narenxp, 18 February 2012 - 07:41 AM.


#5 rbensen

Posted 18 February 2012 - 10:19 AM

ESET won't start due to the lack of Internet connection (can't download definitions).

I tried all of the other steps and still get this message for BFE startup: "Windows could not start the Base Filtering Engine service on local Computer. Error 2: The system cannot find the file specified."

Here is the FSS log:

Farbar Service Scanner Version: 14-02-2012
Ran by Ross (administrator) on 18-02-2012 at 09:09:38
Running from "L:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 23:56] - [2011-12-27 21:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
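A small triage helper for a log in this layout, added here as an example and not part of the original post or of Farbar Service Scanner. The function name `triage_fss` and the embedded sample (a shortened excerpt constructed from the log above) are assumptions of the example, as is treating a File Check entry without an "MD5 is legit" verdict as one that needs manual verification.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the FSS log above.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

Windows Firewall:
=============
bfe Service is not running. Checking service configuration:
The ServiceDll of bfe service is OK.

File Check:
========
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 23:56] - [2011-12-27 21:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\System32\bfe.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
FILE_ENTRY = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.+))?$")

def triage_fss(log_text):
    """Return stopped services, non-OK config checks and files lacking a verdict."""
    report = {"stopped": [], "bad_config": [], "unverified": []}
    in_file_check = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_file_check = True
        elif m := NOT_RUNNING.match(line):
            report["stopped"].append(m.group(1))
        elif m := CONFIG.match(line):
            if m.group(3) != "OK":  # assumption: any other wording is a finding
                report["bad_config"].append((m.group(2), m.group(1), m.group(3)))
        elif in_file_check and (m := FILE_ENTRY.match(line)):
            if m.group(2) != "MD5 is legit":  # no verdict: hash needs manual checking
                report["unverified"].append(m.group(1))
    return report

if __name__ == "__main__":
    for key, items in triage_fss(SAMPLE_FSS_LOG).items():
        print(key, items)
```

On the excerpt this reports Dhcp and bfe as stopped with no configuration findings, and singles out afd.sys as the one file whose hash still has to be checked by hand.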

#6 narenxp

Posted 18 February 2012 - 11:10 AM

I tried all of the other steps and still get this message for BFE startup: "Windows could not start the Base Filtering Engine service on local Computer. Error 2: The system cannot find the file specified."

It's not the main issue. It can be easily fixed. The main problem is that you may be infected and the internet is not working.

Firewall and BFE issues are closely connected with the ZeroAccess rootkit. We need advanced tools to make sure the PC is clean.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



