also @ TechSpot: Intel confirms a smartwatch is in the pipeline

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

System Check virus removed but Internet not working

Discussion in 'Virus and Malware Removal' started by nautilus808, Feb 8, 2012.

Post New Reply

Page 2 of 5

Broni Malware Annihilator Posts: 40,051 +187

Post new Bootkit Remover log.

Broni, Feb 9, 2012

#21
nautilus808 Newcomer, in training Posts: 60

Recdisc will not run the program.

Please see below
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...

nautilus808, Feb 9, 2012

#22
Broni Malware Annihilator Posts: 40,051 +187
Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Feb 9, 2012

#23
nautilus808 Newcomer, in training Posts: 60

The tdskiller needed to restart the computer, as the computer was restarting a blue screen poped up indicating the computer had to shut down. It appeared for a second so not sure what it said. The computer than restarted. Please se below for log from tdskiller:

Tds killer created about 2000 files on my c drive

nautilus808, Feb 10, 2012

#24
Broni Malware Annihilator Posts: 40,051 +187

Tds killer created about 2000 files on my c drive

Say again....

Broni, Feb 10, 2012

#25

nautilus808 Newcomer, in training Posts: 60

i think they are all the same :
21:32:57.0201 4004 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:32:57.0205 4004 ============================================================
21:32:57.0205 4004 Current date / time: 2012/02/09 21:32:57.0205
21:32:57.0205 4004 SystemInfo:
21:32:57.0205 4004
21:32:57.0205 4004 OS Version: 6.0.6002 ServicePack: 2.0
21:32:57.0205 4004 Product type: Workstation
21:32:57.0205 4004 ComputerName: PONDALEX-PC
21:32:57.0206 4004 UserName: Pondalex
21:32:57.0206 4004 Windows directory: C:\Windows
21:32:57.0206 4004 System windows directory: C:\Windows
21:32:57.0206 4004 Processor architecture: Intel x86
21:32:57.0206 4004 Number of processors: 4
21:32:57.0206 4004 Page size: 0x1000
21:32:57.0206 4004 Boot type: Normal boot
21:32:57.0206 4004 ============================================================
21:32:57.0872 4004 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:32:57.0874 4004 Drive \Device\Harddisk1\DR2 - Size: 0xEEBF8000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:32:57.0875 4004 \Device\Harddisk0\DR0:
21:32:57.0875 4004 MBR used
21:32:57.0875 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
21:32:57.0875 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x48A3C000
21:32:57.0875 4004 \Device\Harddisk1\DR2:
21:32:57.0876 4004 MBR used
21:32:57.0876 4004 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x775AC1
21:32:57.0938 4004 Initialize success
21:32:57.0938 4004 ============================================================
21:33:10.0035 6016 ============================================================
21:33:10.0035 6016 Scan started
21:33:10.0035 6016 Mode: Manual;
21:33:10.0035 6016 ============================================================
21:33:10.0396 6016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:33:10.0398 6016 ACPI - ok
21:33:10.0484 6016 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:33:10.0495 6016 adp94xx - ok
21:33:10.0522 6016 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:33:10.0530 6016 adpahci - ok
21:33:10.0574 6016 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:33:10.0578 6016 adpu160m - ok
21:33:10.0604 6016 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:33:10.0610 6016 adpu320 - ok
21:33:10.0657 6016 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:33:10.0791 6016 AFD - ok
21:33:10.0815 6016 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:33:10.0819 6016 agp440 - ok
21:33:10.0835 6016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:33:10.0840 6016 aic78xx - ok
21:33:10.0885 6016 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:33:10.0889 6016 aliide - ok
21:33:10.0947 6016 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:33:10.0950 6016 amdagp - ok
21:33:10.0964 6016 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:33:10.0969 6016 amdide - ok
21:33:10.0985 6016 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:33:10.0988 6016 AmdK7 - ok
21:33:10.0998 6016 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:33:11.0001 6016 AmdK8 - ok
21:33:11.0137 6016 amdkmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:11.0406 6016 amdkmdag - ok
21:33:11.0506 6016 amdkmdap (c9b705ff53b15dd71f6a4d4f45396edd) C:\Windows\system32\DRIVERS\atikmpag.sys
21:33:11.0636 6016 amdkmdap - ok
21:33:11.0702 6016 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:33:11.0706 6016 arc - ok
21:33:11.0732 6016 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:33:11.0737 6016 arcsas - ok
21:33:11.0764 6016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:11.0766 6016 AsyncMac - ok
21:33:11.0794 6016 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
21:33:11.0798 6016 atapi - ok
21:33:11.0863 6016 AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys
21:33:11.0997 6016 AtiHDAudioService - ok
21:33:12.0179 6016 atikmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:12.0216 6016 atikmdag - ok
21:33:12.0262 6016 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:33:12.0265 6016 BCM43XX - ok
21:33:12.0330 6016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:33:12.0332 6016 Beep - ok
21:33:12.0371 6016 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:33:12.0374 6016 blbdrive - ok
21:33:12.0427 6016 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:33:12.0471 6016 bowser - ok
21:33:12.0493 6016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:33:12.0498 6016 BrFiltLo - ok
21:33:12.0517 6016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:33:12.0522 6016 BrFiltUp - ok
21:33:12.0545 6016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:33:12.0551 6016 Brserid - ok
21:33:12.0587 6016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:33:12.0592 6016 BrSerWdm - ok
21:33:12.0610 6016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:33:12.0613 6016 BrUsbMdm - ok
21:33:12.0620 6016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:33:12.0625 6016 BrUsbSer - ok
21:33:12.0645 6016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:33:12.0649 6016 BTHMODEM - ok
21:33:12.0704 6016 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
21:33:12.0752 6016 BVRPMPR5 - ok
21:33:12.0850 6016 catchme - ok
21:33:12.0860 6016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:33:12.0864 6016 cdfs - ok
21:33:12.0910 6016 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\Windows\system32\drivers\cdrbsdrv.sys
21:33:12.0992 6016 cdrbsdrv - ok
21:33:13.0034 6016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:33:13.0040 6016 cdrom - ok
21:33:13.0092 6016 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
21:33:13.0137 6016 cfwids - ok
21:33:13.0162 6016 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:33:13.0167 6016 circlass - ok
21:33:13.0214 6016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:33:13.0220 6016 CLFS - ok
21:33:13.0248 6016 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:33:13.0252 6016 cmdide - ok
21:33:13.0291 6016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:33:13.0293 6016 Compbatt - ok
21:33:13.0329 6016 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
21:33:13.0440 6016 cpuz135 - ok
21:33:13.0486 6016 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:33:13.0489 6016 crcdisk - ok
21:33:13.0518 6016 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:33:13.0523 6016 Crusoe - ok
21:33:13.0566 6016 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:33:13.0609 6016 DfsC - ok
21:33:13.0622 6016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:33:13.0626 6016 disk - ok
21:33:13.0687 6016 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:33:13.0694 6016 Dot4 - ok
21:33:13.0732 6016 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:33:13.0734 6016 Dot4Print - ok
21:33:13.0772 6016 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:33:13.0776 6016 dot4usb - ok
21:33:13.0824 6016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:33:13.0830 6016 drmkaud - ok
21:33:13.0875 6016 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:33:13.0879 6016 DXGKrnl - ok
21:33:13.0901 6016 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
21:33:13.0911 6016 e1express - ok
21:33:13.0941 6016 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:33:13.0947 6016 E1G60 - ok
21:33:14.0003 6016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:33:14.0010 6016 Ecache - ok
21:33:14.0041 6016 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:33:14.0050 6016 elxstor - ok
21:33:14.0092 6016 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:33:14.0094 6016 ErrDev - ok
21:33:14.0164 6016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:33:14.0169 6016 exfat - ok
21:33:14.0205 6016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:33:14.0211 6016 fastfat - ok
21:33:14.0237 6016 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:33:14.0242 6016 fdc - ok
21:33:14.0282 6016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:33:14.0285 6016 FileInfo - ok
21:33:14.0330 6016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:33:14.0332 6016 Filetrace - ok
21:33:14.0367 6016 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:33:14.0371 6016 flpydisk - ok
21:33:14.0397 6016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:33:14.0400 6016 FltMgr - ok
21:33:14.0430 6016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:33:14.0435 6016 Fs_Rec - ok
21:33:14.0456 6016 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:33:14.0462 6016 gagp30kx - ok
21:33:14.0519 6016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:33:14.0562 6016 GEARAspiWDM - ok
21:33:14.0606 6016 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:33:14.0612 6016 HdAudAddService - ok
21:33:14.0673 6016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:33:14.0677 6016 HDAudBus - ok
21:33:14.0708 6016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:33:14.0711 6016 HidBth - ok
21:33:14.0730 6016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:33:14.0734 6016 HidIr - ok
21:33:14.0758 6016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:33:14.0762 6016 HidUsb - ok
21:33:14.0797 6016 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:33:14.0802 6016 HpCISSs - ok
21:33:14.0863 6016 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\Windows\system32\DRIVERS\HPZid412.sys
21:33:14.0871 6016 HPZid412 - ok
21:33:14.0890 6016 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\Windows\system32\DRIVERS\HPZipr12.sys
21:33:14.0943 6016 HPZipr12 - ok
21:33:14.0993 6016 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
21:33:15.0028 6016 HPZius12 - ok
21:33:15.0069 6016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:33:15.0080 6016 HTTP - ok
21:33:15.0105 6016 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:33:15.0110 6016 i2omp - ok
21:33:15.0134 6016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:33:15.0139 6016 i8042prt - ok
21:33:15.0187 6016 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
21:33:15.0189 6016 iaStor - ok
21:33:15.0213 6016 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:33:15.0221 6016 iaStorV - ok
21:33:15.0239 6016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:33:15.0244 6016 iirsp - ok
21:33:15.0260 6016 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:33:15.0263 6016 intelide - ok
21:33:15.0289 6016 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:33:15.0289 6016 intelppm - ok
21:33:15.0317 6016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:33:15.0321 6016 IpFilterDriver - ok
21:33:15.0328 6016 IpInIp - ok
21:33:15.0349 6016 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:33:15.0353 6016 IPMIDRV - ok
21:33:15.0369 6016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:33:15.0373 6016 IPNAT - ok
21:33:15.0392 6016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:33:15.0396 6016 IRENUM - ok
21:33:15.0416 6016 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:33:15.0419 6016 isapnp - ok
21:33:15.0455 6016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:33:15.0456 6016 iScsiPrt - ok
21:33:15.0482 6016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:33:15.0486 6016 iteatapi - ok
21:33:15.0540 6016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:33:15.0543 6016 iteraid - ok
21:33:15.0551 6016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:33:15.0553 6016 kbdclass - ok
21:33:15.0582 6016 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:33:15.0587 6016 kbdhid - ok
21:33:15.0656 6016 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:33:15.0725 6016 KSecDD - ok
21:33:15.0749 6016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:33:15.0754 6016 lltdio - ok
21:33:15.0788 6016 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:33:15.0793 6016 LSI_FC - ok
21:33:15.0817 6016 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:33:15.0821 6016 LSI_SAS - ok
21:33:15.0849 6016 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:33:15.0856 6016 LSI_SCSI - ok
21:33:15.0882 6016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:33:15.0885 6016 luafv - ok
21:33:15.0914 6016 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys
21:33:16.0028 6016 LVPr2Mon - ok
21:33:16.0066 6016 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys
21:33:16.0217 6016 LVRS - ok
21:33:16.0275 6016 lvselsus (9dd54f584758dbe8db56e218bd60874d) C:\Windows\system32\DRIVERS\lvselsus.sys
21:33:16.0359 6016 lvselsus - ok
21:33:16.0391 6016 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
21:33:16.0474 6016 LVUSBSta - ok
21:33:16.0570 6016 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\Windows\system32\DRIVERS\lvuvc.sys
21:33:16.0698 6016 LVUVC - ok
21:33:16.0718 6016 MCSTRM - ok
21:33:16.0749 6016 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:33:16.0752 6016 megasas - ok
21:33:16.0784 6016 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:33:16.0793 6016 MegaSR - ok
21:33:16.0834 6016 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
21:33:16.0880 6016 mfeapfk - ok
21:33:16.0939 6016 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
21:33:17.0020 6016 mfeavfk - ok
21:33:17.0027 6016 mfeavfk01 - ok
21:33:17.0072 6016 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
21:33:17.0117 6016 mfebopk - ok
21:33:17.0149 6016 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
21:33:17.0201 6016 mfefirek - ok
21:33:17.0274 6016 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
21:33:17.0401 6016 mfehidk - ok
21:33:17.0435 6016 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:33:17.0480 6016 mfenlfk - ok
21:33:17.0552 6016 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
21:33:17.0599 6016 mferkdet - ok
21:33:17.0645 6016 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
21:33:17.0693 6016 mferkdk - ok
21:33:17.0737 6016 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
21:33:17.0783 6016 mfesmfk - ok
21:33:17.0817 6016 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
21:33:17.0867 6016 mfewfpk - ok
21:33:17.0916 6016 MOBK755Filter (720f2e1759526ec6d6d95cb284cf62d9) C:\Windows\system32\DRIVERS\MOBK755.sys
21:33:17.0999 6016 MOBK755Filter - ok
21:33:18.0043 6016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:33:18.0048 6016 Modem - ok
21:33:18.0077 6016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:33:18.0077 6016 monitor - ok
21:33:18.0085 6016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:33:18.0088 6016 mouclass - ok
21:33:18.0099 6016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:33:18.0104 6016 mouhid - ok
21:33:18.0114 6016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:33:18.0116 6016 MountMgr - ok
21:33:18.0142 6016 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:33:18.0147 6016 mpio - ok
21:33:18.0168 6016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:33:18.0173 6016 mpsdrv - ok
21:33:18.0195 6016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:33:18.0200 6016 Mraid35x - ok
21:33:18.0239 6016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:33:18.0244 6016 MRxDAV - ok
21:33:18.0295 6016 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:33:18.0378 6016 mrxsmb - ok
21:33:18.0429 6016 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:33:18.0514 6016 mrxsmb10 - ok
21:33:18.0522 6016 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:33:18.0605 6016 mrxsmb20 - ok
21:33:18.0650 6016 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:33:18.0654 6016 msahci - ok
21:33:18.0675 6016 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:33:18.0680 6016 msdsm - ok
21:33:18.0707 6016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:33:18.0712 6016 Msfs - ok
21:33:18.0719 6016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:33:18.0721 6016 msisadrv - ok
21:33:18.0756 6016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:33:18.0761 6016 MSKSSRV - ok
21:33:18.0783 6016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:33:18.0785 6016 MSPCLOCK - ok
21:33:18.0796 6016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:33:18.0799 6016 MSPQM - ok
21:33:18.0833 6016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:33:18.0839 6016 MsRPC - ok
21:33:18.0849 6016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:33:18.0849 6016 mssmbios - ok
21:33:18.0914 6016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:33:18.0918 6016 MSTEE - ok
21:33:18.0948 6016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:33:18.0951 6016 Mup - ok
21:33:19.0011 6016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:33:19.0016 6016 NativeWifiP - ok
21:33:19.0053 6016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:33:19.0057 6016 NDIS - ok
21:33:19.0073 6016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:33:19.0075 6016 NdisTapi - ok
21:33:19.0086 6016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:33:19.0092 6016 Ndisuio - ok
21:33:19.0110 6016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:33:19.0116 6016 NdisWan - ok
21:33:19.0128 6016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:33:19.0131 6016 NDProxy - ok
21:33:19.0149 6016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:33:19.0154 6016 NetBIOS - ok
21:33:19.0180 6016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:33:19.0185 6016 netbt - ok
21:33:19.0216 6016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:33:19.0221 6016 nfrd960 - ok
21:33:19.0263 6016 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
21:33:19.0349 6016 NPF - ok
21:33:19.0385 6016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:33:19.0388 6016 Npfs - ok
21:33:19.0396 6016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:33:19.0398 6016 nsiproxy - ok
21:33:19.0432 6016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:33:19.0459 6016 Ntfs - ok
21:33:19.0483 6016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:33:19.0487 6016 ntrigdigi - ok
21:33:19.0513 6016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:33:19.0517 6016 Null - ok
21:33:19.0543 6016 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:33:19.0548 6016 nvraid - ok
21:33:19.0567 6016 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:33:19.0570 6016 nvstor - ok
21:33:19.0591 6016 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:33:19.0597 6016 nv_agp - ok
21:33:19.0604 6016 NwlnkFlt - ok
21:33:19.0611 6016 NwlnkFwd - ok
21:33:19.0653 6016 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:33:19.0653 6016 ohci1394 - ok
21:33:19.0680 6016 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS
21:33:19.0749 6016 OMCI - ok
21:33:19.0778 6016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:33:19.0782 6016 Parport - ok
21:33:19.0812 6016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:33:19.0816 6016 partmgr - ok
21:33:19.0850 6016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:33:19.0854 6016 Parvdm - ok
21:33:19.0907 6016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:33:19.0908 6016 pci - ok
21:33:19.0949 6016 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:33:19.0952 6016 pciide - ok
21:33:19.0976 6016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:33:19.0981 6016 pcmcia - ok
21:33:20.0030 6016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:33:20.0052 6016 PEAUTH - ok
21:33:20.0094 6016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:33:20.0099 6016 PptpMiniport - ok
21:33:20.0125 6016 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:33:20.0129 6016 Processor - ok
21:33:20.0179 6016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:33:20.0183 6016 PSched - ok
21:33:20.0208 6016 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
21:33:20.0287 6016 PxHelp20 - ok
21:33:20.0340 6016 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:33:20.0384 6016 ql2300 - ok
21:33:20.0403 6016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:33:20.0406 6016 ql40xx - ok
21:33:20.0430 6016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:33:20.0433 6016 QWAVEdrv - ok
21:33:20.0578 6016 R300 (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:20.0616 6016 R300 - ok
21:33:20.0632 6016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:33:20.0636 6016 RasAcd - ok
21:33:20.0648 6016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:33:20.0653 6016 Rasl2tp - ok
21:33:20.0684 6016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:33:20.0688 6016 RasPppoe - ok
21:33:20.0717 6016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:33:20.0722 6016 RasSstp - ok
21:33:20.0746 6016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:33:20.0754 6016 rdbss - ok
21:33:20.0805 6016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:33:20.0807 6016 RDPCDD - ok
21:33:20.0861 6016 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:33:20.0868 6016 rdpdr - ok
21:33:20.0902 6016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:33:20.0906 6016 RDPENCDD - ok
21:33:20.0940 6016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:33:20.0958 6016 RDPWD - ok
21:33:21.0017 6016 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
21:33:21.0102 6016 RimUsb - ok
21:33:21.0141 6016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:33:21.0145 6016 rspndr - ok
21:33:21.0176 6016 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
21:33:21.0180 6016 sbp2port - ok
21:33:21.0198 6016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:33:21.0201 6016 secdrv - ok
21:33:21.0227 6016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:33:21.0231 6016 Serenum - ok
21:33:21.0256 6016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:33:21.0263 6016 Serial - ok
21:33:21.0289 6016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:33:21.0292 6016 sermouse - ok
21:33:21.0324 6016 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:33:21.0327 6016 sffdisk - ok
21:33:21.0345 6016 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:33:21.0347 6016 sffp_mmc - ok
21:33:21.0365 6016 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:33:21.0374 6016 sffp_sd - ok
21:33:21.0382 6016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:33:21.0386 6016 sfloppy - ok
21:33:21.0434 6016 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:33:21.0437 6016 sisagp - ok
21:33:21.0476 6016 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:33:21.0481 6016 SiSRaid2 - ok
21:33:21.0502 6016 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:33:21.0505 6016 SiSRaid4 - ok
21:33:21.0547 6016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:33:21.0550 6016 Smb - ok
21:33:21.0607 6016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:33:21.0611 6016 spldr - ok
21:33:21.0687 6016 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:33:21.0773 6016 srv - ok
21:33:21.0830 6016 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:33:21.0935 6016 srv2 - ok
21:33:21.0971 6016 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:33:22.0016 6016 srvnet - ok
21:33:22.0056 6016 STHDA - ok
21:33:22.0097 6016 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:33:22.0100 6016 StillCam - ok
21:33:22.0127 6016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:33:22.0130 6016 swenum - ok
21:33:22.0155 6016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:33:22.0159 6016 Symc8xx - ok
21:33:22.0170 6016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:33:22.0174 6016 Sym_hi - ok
21:33:22.0190 6016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:33:22.0193 6016 Sym_u3 - ok
21:33:22.0271 6016 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:33:22.0327 6016 Tcpip - ok
21:33:22.0354 6016 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:33:22.0360 6016 Tcpip6 - ok
21:33:22.0383 6016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:33:22.0388 6016 tcpipreg - ok
21:33:22.0420 6016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:33:22.0424 6016 TDPIPE - ok
21:33:22.0447 6016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:33:22.0452 6016 TDTCP - ok
21:33:22.0513 6016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:33:22.0518 6016 tdx - ok
21:33:22.0546 6016 tenCapture (4333a34011814af753004419f42797aa) C:\Windows\system32\DRIVERS\tenCapture.sys
21:33:22.0589 6016 tenCapture - ok
21:33:22.0620 6016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:33:22.0626 6016 TermDD - ok
21:33:22.0675 6016 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
21:33:22.0797 6016 TrojanKillerDriver - ok
21:33:22.0847 6016 truecrypt (746b8cf9cededdd865472544edf626da) C:\Windows\system32\drivers\truecrypt.sys
21:33:22.0895 6016 truecrypt - ok
21:33:22.0946 6016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:33:22.0951 6016 tssecsrv - ok
21:33:22.0974 6016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:33:22.0978 6016 tunmp - ok
21:33:23.0007 6016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:33:23.0012 6016 tunnel - ok
21:33:23.0040 6016 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:33:23.0045 6016 uagp35 - ok
21:33:23.0096 6016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:33:23.0104 6016 udfs - ok
21:33:23.0121 6016 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:33:23.0125 6016 uliagpkx - ok
21:33:23.0144 6016 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:33:23.0151 6016 uliahci - ok
21:33:23.0192 6016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:33:23.0198 6016 UlSata - ok
21:33:23.0213 6016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:33:23.0218 6016 ulsata2 - ok
21:33:23.0265 6016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:33:23.0269 6016 umbus - ok
21:33:23.0314 6016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:33:23.0395 6016 USBAAPL - ok
21:33:23.0429 6016 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:33:23.0433 6016 usbaudio - ok
21:33:23.0463 6016 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
21:33:23.0508 6016 usbbus - ok
21:33:23.0556 6016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:33:23.0561 6016 usbccgp - ok
21:33:23.0586 6016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:33:23.0591 6016 usbcir - ok
21:33:23.0637 6016 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
21:33:23.0714 6016 UsbDiag - ok
21:33:23.0745 6016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:33:23.0749 6016 usbehci - ok
21:33:23.0776 6016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:33:23.0781 6016 usbhub - ok
21:33:23.0816 6016 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
21:33:23.0864 6016 USBModem - ok
21:33:23.0901 6016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:33:23.0904 6016 usbohci - ok
21:33:23.0943 6016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:33:23.0948 6016 usbprint - ok
21:33:23.0982 6016 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:33:23.0986 6016 usbscan - ok
21:33:24.0020 6016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:33:24.0023 6016 USBSTOR - ok
21:33:24.0037 6016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:33:24.0041 6016 usbuhci - ok
21:33:24.0076 6016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:33:24.0082 6016 usbvideo - ok
21:33:24.0106 6016 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:33:24.0109 6016 vga - ok
21:33:24.0139 6016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:33:24.0145 6016 VgaSave - ok
21:33:24.0173 6016 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:33:24.0178 6016 viaagp - ok
21:33:24.0200 6016 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:33:24.0203 6016 ViaC7 - ok
21:33:24.0225 6016 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:33:24.0228 6016 viaide - ok
21:33:24.0236 6016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:33:24.0241 6016 volmgr - ok
21:33:24.0284 6016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:33:24.0290 6016 volmgrx - ok
21:33:24.0340 6016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:33:24.0344 6016 volsnap - ok
21:33:24.0372 6016 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:33:24.0376 6016 vsmraid - ok
21:33:24.0406 6016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:33:24.0408 6016 WacomPen - ok
21:33:24.0435 6016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:33:24.0441 6016 Wanarp - ok
21:33:24.0443 6016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:33:24.0444 6016 Wanarpv6 - ok
21:33:24.0481 6016 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:33:24.0483 6016 Wd - ok
21:33:24.0518 6016 Wdf01000 (a1bd4ad37b361199dc326cccc9c179de) C:\Windows\system32\drivers\Wdf01000.sys
21:33:24.0529 6016 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: a1bd4ad37b361199dc326cccc9c179de, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
21:33:24.0530 6016 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:33:24.0530 6016 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:33:24.0576 6016 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
21:33:24.0579 6016 WinUsb - ok
21:33:24.0617 6016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:33:24.0621 6016 WmiAcpi - ok
21:33:24.0674 6016 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:33:24.0676 6016 WpdUsb - ok
21:33:24.0707 6016 WPRO_40_1340 - ok
21:33:24.0741 6016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:33:24.0744 6016 ws2ifsl - ok
21:33:24.0773 6016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:33:24.0779 6016 WUDFRd - ok
21:33:24.0803 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:33:24.0835 6016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:33:24.0835 6016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:33:24.0840 6016 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
21:33:24.0843 6016 \Device\Harddisk1\DR2 - ok
21:33:24.0873 6016 Boot (0x1200) (a438bc4003d97eebffe169bc38275383) \Device\Harddisk0\DR0\Partition0
21:33:24.0874 6016 \Device\Harddisk0\DR0\Partition0 - ok
21:33:24.0886 6016 Boot (0x1200) (f68e6ccd177415f807a3da52aee8e297) \Device\Harddisk0\DR0\Partition1
21:33:24.0887 6016 \Device\Harddisk0\DR0\Partition1 - ok
21:33:24.0890 6016 Boot (0x1200) (21b0ad21697a028123440288b18134c3) \Device\Harddisk1\DR2\Partition0
21:33:24.0891 6016 \Device\Harddisk1\DR2\Partition0 - ok
21:33:24.0891 6016 ============================================================
21:33:24.0891 6016 Scan finished
21:33:24.0891 6016 ============================================================
21:33:24.0901 5240 Detected object count: 2
21:33:24.0901 5240 Actual detected object count: 2
21:33:54.0294 5240 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
21:34:00.0776 5240 Backup copy not found, trying to cure infected file..
21:34:00.0779 5240 Cure success, using it..
21:34:00.0789 5240 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
21:34:00.0789 5240 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
21:34:00.0910 5240 \Device\Harddisk0\DR0\# - copied to quarantine
21:34:00.0911 5240 \Device\Harddisk0\DR0 - copied to quarantine
21:34:00.0972 5240 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:34:00.0975 5240 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:34:00.0979 5240 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:34:00.0982 5240 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:34:00.0985 5240 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:34:01.0031 5240 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:34:01.0035 5240 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:34:01.0038 5240 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:34:01.0041 5240 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:34:01.0093 5240 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:34:01.0101 5240 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:34:01.0104 5240 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:34:01.0108 5240 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:34:01.0111 5240 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:34:01.0115 5240 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:34:01.0118 5240 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:34:01.0123 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:34:01.0123 5240 \Device\Harddisk0\DR0 - ok
21:34:01.0243 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:34:26.0285 2516 Deinitialize success

nautilus808, Feb 10, 2012

#26

Broni Malware Annihilator Posts: 40,051 +187

Very well.

Post new Bootkit Remover log.

See if aswMBR will run now.

Broni, Feb 10, 2012

#27
nautilus808 Newcomer, in training Posts: 60

Some more info.....
TDSkiller found and cured to viruses.
TDSkiller created about 2000 duplicate logs that look like the one i posted....tdskiller
It made countless folders as well. 2 noteworthy folders appear to be contained in a folder called "tdsskiller_quarantine" are mbr0000 and rtkt000.

nautilus808, Feb 10, 2012

#28
nautilus808 Newcomer, in training Posts: 60

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

nautilus808, Feb 10, 2012

#29
nautilus808 Newcomer, in training Posts: 60

aswMBR was not able to update itself since the infected computer does not have internet connection.

aswMBR was able to scan.
Please see below

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 22:27:35
-----------------------------
22:27:35.859 OS Version: Windows 6.0.6002 Service Pack 2
22:27:35.859 Number of processors: 4 586 0xF0B
22:27:35.860 ComputerName: PONDALEX-PC UserName: Pondalex
22:27:37.108 Initialize success
22:27:50.789 AVAST engine download error: 0
22:27:57.270 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:27:57.272 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
22:27:57.281 Disk 0 MBR read successfully
22:27:57.283 Disk 0 MBR scan
22:27:57.285 Disk 0 Windows VISTA default MBR code
22:27:57.287 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:27:57.293 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
22:27:57.306 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595064 MB offset 31569920
22:27:57.310 Disk 0 scanning sectors +1250260992
22:27:57.382 Disk 0 scanning C:\Windows\system32\drivers
22:28:08.280 Service scanning
22:28:10.453 Modules scanning
22:28:21.247 Disk 0 trace - called modules:
22:28:21.279 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:28:21.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a83eac8]
22:28:21.287 3 CLASSPNP.SYS[8e9c28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89b44028]
22:28:21.291 Scan finished successfully
22:29:49.958 Disk 0 MBR has been saved successfully to "C:\Users\Pondalex\Desktop\MBR.dat"
22:29:49.967 The log file has been saved successfully to "C:\Users\Pondalex\Desktop\aswMBR log.txt"

nautilus808, Feb 10, 2012

#30
Broni Malware Annihilator Posts: 40,051 +187
All those logs look good now.

We'll see about your internet connection.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Feb 10, 2012

#31
nautilus808 Newcomer, in training Posts: 60

i have McAfee, how do i disable it?

nautilus808, Feb 10, 2012

#32
Broni Malware Annihilator Posts: 40,051 +187

It's included in Combofix instruction if you read them carefully as you should:

Click on this link to see a list of programs that should be disabled.

Broni, Feb 10, 2012

#33
nautilus808 Newcomer, in training Posts: 60

i unistalled mcafee but combofix stilll indicates that it is running

nautilus808, Feb 10, 2012

#34
nautilus808 Newcomer, in training Posts: 60

I got a message from ms windows indicating that "freeware implemenation of XCACLS" has stopped working"

Combofix ran all night. It was a ble screen that said ' scanning for infected files.........this takes 10 minutes, however may take longer with badly infected machines......."

All programs shut down b4 running combofix. Mcaffe unistalled but when combofix start up it says that mcaffee anitvieus and antispyware is running?

nautilus808, Feb 10, 2012

#35
nautilus808 Newcomer, in training Posts: 60

Tried to ru combofix second time. Got a message saying recyclebin is corrupted, do u want to delete these files? i said yes....

nautilus808, Feb 10, 2012

#36
Broni Malware Annihilator Posts: 40,051 +187

Mcaffe unistalled but when combofix start up it says that mcaffee anitvieus and antispyware is running?

Don't worry about it.

Got a message saying recyclebin is corrupted, do u want to delete these files? i said yes....

Good.

Broni, Feb 10, 2012

#37
nautilus808 Newcomer, in training Posts: 60

combofix wont get passed "however this scan times take a long time for badly infected machines may easily double....."

nautilus808, Feb 10, 2012

#38
Broni Malware Annihilator Posts: 40,051 +187

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

...

Broni, Feb 10, 2012

#39
nautilus808 Newcomer, in training Posts: 60

Also the computer beeps 2 times when i initiate combofix..
It also repeats the message " recycle bin i corrupted. do u want to empty.....

nautilus808, Feb 10, 2012

#40

Page 2 of 5

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.