Have an infection, Not sure with what.


6 replies to this topic

#1 Casey_D.

Casey_D.

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 19 February 2012 - 08:46 PM

For the past few weeks I have been dealing with some kind of infection that has been redirecting me from my Google searches. I have run Spybot Search & Destroy with nothing being found, and also ran Malwarebytes Anti-Malware. Malwarebytes found 5 Trojans, removed them and restarted, but I am still coming across this redirect.

And I should point out the redirects aren't my major concern with whatever I have gotten, my major issue is that I cannot connect to my localhost or 127.0.0.1 because of whatever I have been infected with. (Just a note I am 99% certain this is the issue as I have had 2-3 different professionals take a look at my system and they are also stumped as to why it may be happening otherwise.)

Other things I have tried are resetting the host file back to factory settings to no avail. Running both the programs I used in safe mode, also not finding anything else after those 5. Also I cannot get winsock to reset after reading that may be an issue but I just come up with the missing .dll error.

At this point I am completely stumped as to what to do and was wondering if anyone had any suggestions or solutions.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:53 PM

Posted 19 February 2012 - 08:51 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:53 PM

Posted 19 February 2012 - 08:54 PM

Hello and welcome ... please run these and return the logs for review and update me on how it's running.


EDIT, I see you already have a reply.

Edited by boopme, 19 February 2012 - 08:55 PM.


#4 Casey_D.

Casey_D.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 19 February 2012 - 09:54 PM

So I should have mentioned that I do use a 64bit system so I couldn't run gmer, however here are the two other logs requested.


17:58:21.0923 3924 srvnet - ok
17:58:22.0229 3924 stexstor (f3817967ed533d08327dc73bc4d5542a) B:\Windows\system32\DRIVERS\stexstor.sys
17:58:22.0254 3924 stexstor - ok
17:58:22.0561 3924 storflt (7785dc213270d2fc066538daf94087e7) B:\Windows\system32\drivers\vmstorfl.sys
17:58:22.0588 3924 storflt - ok
17:58:22.0838 3924 storvsc (d34e4943d5ac096c8edeebfd80d76e23) B:\Windows\system32\drivers\storvsc.sys
17:58:22.0856 3924 storvsc - ok
17:58:23.0066 3924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) B:\Windows\system32\drivers\swenum.sys
17:58:23.0076 3924 swenum - ok
17:58:23.0436 3924 Synth3dVsc - ok
17:58:23.0650 3924 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) B:\Windows\system32\DRIVERS\tap0901.sys
17:58:23.0680 3924 tap0901 - ok
17:58:24.0267 3924 Tcpip (fc62769e7bff2896035aeed399108162) B:\Windows\system32\drivers\tcpip.sys
17:58:24.0280 3924 Tcpip - ok
17:58:24.0972 3924 TCPIP6 (fc62769e7bff2896035aeed399108162) B:\Windows\system32\DRIVERS\tcpip.sys
17:58:24.0985 3924 TCPIP6 - ok
17:58:25.0267 3924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) B:\Windows\system32\drivers\tcpipreg.sys
17:58:25.0289 3924 tcpipreg - ok
17:58:25.0510 3924 TDPIPE (3371d21011695b16333a3934340c4e7c) B:\Windows\system32\drivers\tdpipe.sys
17:58:25.0518 3924 TDPIPE - ok
17:58:25.0692 3924 TDTCP (e4245bda3190a582d55ed09e137401a9) B:\Windows\system32\drivers\tdtcp.sys
17:58:25.0695 3924 TDTCP - ok
17:58:25.0921 3924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) B:\Windows\system32\DRIVERS\tdx.sys
17:58:25.0944 3924 tdx - ok
17:58:26.0171 3924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) B:\Windows\system32\drivers\termdd.sys
17:58:26.0201 3924 TermDD - ok
17:58:26.0478 3924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) B:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:26.0488 3924 tssecsrv - ok
17:58:26.0805 3924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) B:\Windows\system32\drivers\tsusbflt.sys
17:58:26.0829 3924 TsUsbFlt - ok
17:58:27.0039 3924 tsusbhub - ok
17:58:27.0355 3924 tunnel (3566a8daafa27af944f5d705eaa64894) B:\Windows\system32\DRIVERS\tunnel.sys
17:58:27.0378 3924 tunnel - ok
17:58:27.0596 3924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) B:\Windows\system32\DRIVERS\uagp35.sys
17:58:27.0725 3924 uagp35 - ok
17:58:27.0840 3924 udfs (ff4232a1a64012baa1fd97c7b67df593) B:\Windows\system32\DRIVERS\udfs.sys
17:58:27.0847 3924 udfs - ok
17:58:27.0930 3924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) B:\Windows\system32\drivers\uliagpkx.sys
17:58:27.0945 3924 uliagpkx - ok
17:58:28.0060 3924 umbus (dc54a574663a895c8763af0fa1ff7561) B:\Windows\system32\drivers\umbus.sys
17:58:28.0070 3924 umbus - ok
17:58:28.0178 3924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) B:\Windows\system32\DRIVERS\umpass.sys
17:58:28.0188 3924 UmPass - ok
17:58:28.0275 3924 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) B:\Windows\system32\Drivers\usbaapl64.sys
17:58:28.0285 3924 USBAAPL64 - ok
17:58:28.0386 3924 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) B:\Windows\system32\drivers\usbaudio.sys
17:58:28.0394 3924 usbaudio - ok
17:58:28.0452 3924 usbccgp (6f1a3157a1c89435352ceb543cdb359c) B:\Windows\system32\DRIVERS\usbccgp.sys
17:58:28.0464 3924 usbccgp - ok
17:58:28.0527 3924 usbcir (af0892a803fdda7492f595368e3b68e7) B:\Windows\system32\drivers\usbcir.sys
17:58:28.0537 3924 usbcir - ok
17:58:28.0797 3924 usbehci (c025055fe7b87701eb042095df1a2d7b) B:\Windows\system32\DRIVERS\usbehci.sys
17:58:28.0811 3924 usbehci - ok
17:58:28.0876 3924 usbhub (287c6c9410b111b68b52ca298f7b8c24) B:\Windows\system32\DRIVERS\usbhub.sys
17:58:28.0895 3924 usbhub - ok
17:58:28.0974 3924 usbohci (9840fc418b4cbd632d3d0a667a725c31) B:\Windows\system32\DRIVERS\usbohci.sys
17:58:28.0976 3924 usbohci - ok
17:58:29.0061 3924 usbprint (73188f58fb384e75c4063d29413cee3d) B:\Windows\system32\DRIVERS\usbprint.sys
17:58:29.0062 3924 usbprint - ok
17:58:29.0096 3924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) B:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:29.0119 3924 USBSTOR - ok
17:58:29.0246 3924 usbuhci (81fb2216d3a60d1284455d511797db3d) B:\Windows\system32\DRIVERS\usbuhci.sys
17:58:29.0256 3924 usbuhci - ok
17:58:29.0336 3924 usb_rndisx (70d05ee263568a742d14e1876df80532) B:\Windows\system32\DRIVERS\usb8023x.sys
17:58:29.0337 3924 usb_rndisx - ok
17:58:29.0447 3924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) B:\Windows\system32\drivers\vdrvroot.sys
17:58:29.0461 3924 vdrvroot - ok
17:58:29.0560 3924 vga (da4da3f5e02943c2dc8c6ed875de68dd) B:\Windows\system32\DRIVERS\vgapnp.sys
17:58:29.0571 3924 vga - ok
17:58:29.0620 3924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) B:\Windows\System32\drivers\vga.sys
17:58:29.0632 3924 VgaSave - ok
17:58:29.0700 3924 VGPU - ok
17:58:29.0823 3924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) B:\Windows\system32\drivers\vhdmp.sys
17:58:29.0834 3924 vhdmp - ok
17:58:29.0898 3924 viaide (e5689d93ffe4e5d66c0178761240dd54) B:\Windows\system32\drivers\viaide.sys
17:58:29.0906 3924 viaide - ok
17:58:29.0993 3924 vmbus (86ea3e79ae350fea5331a1303054005f) B:\Windows\system32\drivers\vmbus.sys
17:58:29.0997 3924 vmbus - ok
17:58:30.0044 3924 VMBusHID (7de90b48f210d29649380545db45a187) B:\Windows\system32\drivers\VMBusHID.sys
17:58:30.0049 3924 VMBusHID - ok
17:58:30.0103 3924 volmgr (d2aafd421940f640b407aefaaebd91b0) B:\Windows\system32\drivers\volmgr.sys
17:58:30.0120 3924 volmgr - ok
17:58:30.0261 3924 volmgrx (a255814907c89be58b79ef2f189b843b) B:\Windows\system32\drivers\volmgrx.sys
17:58:30.0275 3924 volmgrx - ok
17:58:30.0399 3924 volsnap (0d08d2f3b3ff84e433346669b5e0f639) B:\Windows\system32\drivers\volsnap.sys
17:58:30.0408 3924 volsnap - ok
17:58:30.0489 3924 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) B:\Windows\system32\DRIVERS\vpchbus.sys
17:58:30.0514 3924 vpcbus - ok
17:58:30.0554 3924 vpcnfltr (e675fb2b48c54f09895482e2253b289c) B:\Windows\system32\DRIVERS\vpcnfltr.sys
17:58:30.0556 3924 vpcnfltr - ok
17:58:30.0577 3924 vpcusb (5fb42082b0d19a0268705f1dd343df20) B:\Windows\system32\DRIVERS\vpcusb.sys
17:58:30.0580 3924 vpcusb - ok
17:58:30.0668 3924 vpcvmm (207b6539799cc1c112661a9b620dd233) B:\Windows\system32\drivers\vpcvmm.sys
17:58:30.0701 3924 vpcvmm - ok
17:58:30.0789 3924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) B:\Windows\system32\DRIVERS\vsmraid.sys
17:58:30.0793 3924 vsmraid - ok
17:58:30.0833 3924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) B:\Windows\System32\drivers\vwifibus.sys
17:58:30.0834 3924 vwifibus - ok
17:58:30.0936 3924 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) B:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:58:30.0946 3924 wacmoumonitor - ok
17:58:31.0001 3924 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) B:\Windows\system32\DRIVERS\wacommousefilter.sys
17:58:31.0017 3924 wacommousefilter - ok
17:58:31.0072 3924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) B:\Windows\system32\DRIVERS\wacompen.sys
17:58:31.0073 3924 WacomPen - ok
17:58:31.0154 3924 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) B:\Windows\system32\DRIVERS\wacomvhid.sys
17:58:31.0156 3924 wacomvhid - ok
17:58:31.0539 3924 WANARP (356afd78a6ed4457169241ac3965230c) B:\Windows\system32\DRIVERS\wanarp.sys
17:58:31.0553 3924 WANARP - ok
17:58:31.0559 3924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) B:\Windows\system32\DRIVERS\wanarp.sys
17:58:31.0560 3924 Wanarpv6 - ok
17:58:31.0754 3924 Wd (72889e16ff12ba0f235467d6091b17dc) B:\Windows\system32\DRIVERS\wd.sys
17:58:31.0763 3924 Wd - ok
17:58:31.0855 3924 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) B:\Windows\system32\DRIVERS\wdcsam64.sys
17:58:31.0866 3924 WDC_SAM - ok
17:58:31.0967 3924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) B:\Windows\system32\drivers\Wdf01000.sys
17:58:31.0985 3924 Wdf01000 - ok
17:58:32.0203 3924 WfpLwf (611b23304bf067451a9fdee01fbdd725) B:\Windows\system32\DRIVERS\wfplwf.sys
17:58:32.0216 3924 WfpLwf - ok
17:58:32.0303 3924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) B:\Windows\system32\drivers\wimmount.sys
17:58:32.0315 3924 WIMMount - ok
17:58:32.0766 3924 WinUSB (fe88b288356e7b47b74b13372add906d) B:\Windows\system32\DRIVERS\WinUSB.sys
17:58:32.0768 3924 WinUSB - ok
17:58:32.0979 3924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) B:\Windows\system32\drivers\wmiacpi.sys
17:58:32.0989 3924 WmiAcpi - ok
17:58:33.0106 3924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) B:\Windows\system32\drivers\ws2ifsl.sys
17:58:33.0116 3924 ws2ifsl - ok
17:58:33.0487 3924 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) B:\Windows\system32\drivers\WudfPf.sys
17:58:33.0501 3924 WudfPf - ok
17:58:33.0825 3924 WUDFRd (cf8d590be3373029d57af80914190682) B:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:33.0839 3924 WUDFRd - ok
17:58:34.0016 3924 X6va003 - ok
17:58:34.0119 3924 X6va005 - ok
17:58:34.0433 3924 xusb21 (9176c0822faa649e45121875be32f5d2) B:\Windows\system32\DRIVERS\xusb21.sys
17:58:34.0437 3924 xusb21 - ok
17:58:34.0487 3924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
17:58:35.0152 3924 \Device\Harddisk3\DR3 - ok
17:58:35.0169 3924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:58:35.0232 3924 \Device\Harddisk0\DR0 - ok
17:58:35.0236 3924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:58:35.0307 3924 \Device\Harddisk1\DR1 - ok
17:58:35.0311 3924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
17:58:35.0726 3924 \Device\Harddisk2\DR2 - ok
17:58:35.0760 3924 Boot (0x1200) (090f5d50ef01eeaeb8f731e80fc5e747) \Device\Harddisk3\DR3\Partition0
17:58:35.0760 3924 \Device\Harddisk3\DR3\Partition0 - ok
17:58:35.0784 3924 Boot (0x1200) (6bacabb39dc2a01f34358a4fb6c1cd0a) \Device\Harddisk3\DR3\Partition1
17:58:35.0785 3924 \Device\Harddisk3\DR3\Partition1 - ok
17:58:35.0789 3924 Boot (0x1200) (8d1acab2705afd31e3129d225d508608) \Device\Harddisk0\DR0\Partition0
17:58:35.0790 3924 \Device\Harddisk0\DR0\Partition0 - ok
17:58:35.0797 3924 Boot (0x1200) (91f4f2cbeb72ceda59953fff6d3f57da) \Device\Harddisk1\DR1\Partition0
17:58:35.0798 3924 \Device\Harddisk1\DR1\Partition0 - ok
17:58:35.0805 3924 Boot (0x1200) (5fad27bcf507cdd67a79c2dccfe5f655) \Device\Harddisk2\DR2\Partition0
17:58:35.0806 3924 \Device\Harddisk2\DR2\Partition0 - ok
17:58:35.0808 3924 ============================================================
17:58:35.0808 3924 Scan finished
17:58:35.0808 3924 ============================================================
17:58:35.0829 1584 Detected object count: 0
17:58:35.0829 1584 Actual detected object count: 0
18:05:38.0572 4980 Deinitialize success

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 18:11:28
-----------------------------
18:11:28.304 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:28.304 Number of processors: 2 586 0x4303
18:11:28.306 ComputerName: CASEY-PC UserName: Grie
18:11:32.553 Initialize success
18:12:35.258 AVAST engine defs: 12021901
18:13:06.087 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:13:06.090 Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 3
18:13:06.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
18:13:06.096 Disk 1 Vendor: WDC_WD10EADS-11M2B2 80.00A80 Size: 953869MB BusType: 3
18:13:06.099 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-7
18:13:06.102 Disk 2 Vendor: SAMSUNG_HN-M101MBB 2AR10001 Size: 953869MB BusType: 3
18:13:06.105 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP0T0L0-0
18:13:06.110 Disk 3 Vendor: ST3300620A 3.AAC Size: 286168MB BusType: 3
18:13:06.128 Disk 3 MBR read successfully
18:13:06.132 Disk 3 MBR scan
18:13:06.150 Disk 3 Windows 7 default MBR code
18:13:06.169 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 135230 MB offset 63
18:13:06.176 Disk 3 Partition - 00 0F Extended LBA 150934 MB offset 276953040
18:13:06.202 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 150934 MB offset 276953103
18:13:06.210 Service scanning
18:13:34.876 Modules scanning
18:13:34.882 Disk 3 trace - called modules:
18:13:34.895 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:13:34.901 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa80055d5590]
18:13:34.907 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80049211c0]
18:13:34.913 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052df060]
18:13:38.822 AVAST engine scan B:\Windows
18:13:41.776 AVAST engine scan B:\Windows\system32
18:13:55.601 File: B:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
18:16:11.970 File: B:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:16:15.525 File: B:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
18:17:34.239 AVAST engine scan B:\Windows\system32\drivers
18:17:52.425 AVAST engine scan B:\Users\Grie.Casey-PC
18:34:10.476 File: B:\Users\Grie.Casey-PC\Downloads\Runtime_GetDataBack_for_NTFS_and_FAT_4_22_keygen.exe **INFECTED** Win32:MalOb-HU [Cryp]
18:36:19.047 AVAST engine scan B:\ProgramData
18:40:03.471 Scan finished successfully
18:51:14.297 Disk 3 MBR has been saved successfully to "B:\MBR.dat"
18:51:14.303 The log file has been saved successfully to "B:\aswMBR.txt"

#5 narenxp

Posted 19 February 2012 - 09:57 PM

You're infected by the 64-bit ZeroAccess rootkit. We need advanced tools to remove it.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here with required logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#6 Casey_D.

Posted 19 February 2012 - 10:01 PM

Wow that is not good. But thanks so much for helping me figure out what is wrong! I'll get working on posting those logs.

#7 narenxp

Posted 19 February 2012 - 10:08 PM

You're welcome :)



