Google.com will not load in any browser.


9 replies to this topic

#1 mercuryrsng

Posted 02 February 2012 - 09:55 AM

I recently acquired a computer from a friend that, as she put it, had a virus. It was one of those viruses that looked like an antivirus and tried to get you to buy their software. It also blocked most sites that would help. Malwarebytes Anti-Malware had to be run in safe mode, which I did. It found 11 infections. The virus appeared to be gone but now, www.google.com still won't load in any browser. I'm not sure what else won't load, but that's all that I see so far. I am currently running Malwarebytes Anti-Malware again but I don't think it will find anything else. Doesn't anyone have any ideas?

Also, the computer gets hung up on shutdown and I have to force it to end by pressing the power button.

Thanks in advance!


#2 narenxp

Posted 02 February 2012 - 11:17 AM

Run Malwarebytes in normal mode and post the clean log.

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report.


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 02 February 2012 - 11:18 AM.


#3 mercuryrsng

Posted 02 February 2012 - 10:06 PM

13:15:29.0638 1812 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:15:29.0929 1812 ============================================================
13:15:29.0929 1812 Current date / time: 2012/02/02 13:15:29.0929
13:15:29.0929 1812 SystemInfo:
13:15:29.0929 1812
13:15:29.0929 1812 OS Version: 5.1.2600 ServicePack: 3.0
13:15:29.0929 1812 Product type: Workstation
13:15:29.0929 1812 ComputerName: IBM-BB3D939A762
13:15:29.0929 1812 UserName: IBM USER
13:15:29.0929 1812 Windows directory: C:\WINDOWS
13:15:29.0929 1812 System windows directory: C:\WINDOWS
13:15:29.0929 1812 Processor architecture: Intel x86
13:15:29.0929 1812 Number of processors: 1
13:15:29.0929 1812 Page size: 0x1000
13:15:29.0929 1812 Boot type: Normal boot
13:15:29.0929 1812 ============================================================
13:15:38.0541 1812 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:15:38.0551 1812 \Device\Harddisk0\DR0:
13:15:38.0551 1812 MBR used
13:15:38.0551 1812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x41B2081
13:15:38.0601 1812 Initialize success
13:15:38.0601 1812 ============================================================
13:24:02.0356 1012 ============================================================
13:24:02.0356 1012 Scan started
13:24:02.0356 1012 Mode: Manual; TDLFS;
13:24:02.0356 1012 ============================================================
13:26:53.0532 1012 MBR (0x1B8) (4074b098cdd49ec3b02a62467804fb02) \Device\Harddisk0\DR0
13:26:53.0532 1012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:26:53.0532 1012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:26:53.0652 1012 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:26:53.0652 1012 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:26:53.0652 1012 Boot (0x1200) (9893cffa38a5e6d8113e2e9f9764fb36) \Device\Harddisk0\DR0\Partition0
13:26:53.0662 1012 \Device\Harddisk0\DR0\Partition0 - ok
13:26:53.0662 1012 ============================================================
13:26:53.0662 1012 Scan finished
13:26:53.0662 1012 ============================================================
13:26:53.0682 2232 Detected object count: 2
13:26:53.0682 2232 Actual detected object count: 2
13:27:17.0726 2232 \Device\Harddisk0\DR0\# - copied to quarantine
13:27:17.0726 2232 \Device\Harddisk0\DR0 - copied to quarantine
13:27:17.0756 2232 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:27:17.0756 2232 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:27:17.0767 2232 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:27:17.0767 2232 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:27:17.0767 2232 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
13:27:17.0777 2232 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:27:17.0777 2232 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:27:17.0777 2232 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:27:17.0787 2232 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:27:17.0787 2232 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:27:17.0787 2232 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:27:17.0797 2232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:27:17.0797 2232 \Device\Harddisk0\DR0 - ok
13:27:17.0797 2232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:27:17.0797 2232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:27:17.0797 2232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#4 mercuryrsng

Posted 02 February 2012 - 10:08 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
IBM USER :: IBM-BB3D939A762 [administrator]

Protection: Disabled

2/2/2012 1:12:53 PM
mbam-log-2012-02-02 (13-12-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201227
Time elapsed: 44 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-02 21:19:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS424040M9AT00 rev.MA2IA75A
Running: divvmle6.exe; Driver: C:\DOCUME~1\IBMUSE~1\LOCALS~1\Temp\kfxdqkoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00C9CE46
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00C9D37A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00C9CD7A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00C9D296
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00C9D73A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00C9D807
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C9C0A2
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00C9D1AF
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00C9CFED
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00C9CC63
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00C9CF12
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00C9D0C8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WININET.dll!InternetCrackUrlW 3D9340C0 5 Bytes JMP 00C9DC16
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WININET.dll!InternetCrackUrlA 3D954928 5 Bytes JMP 00C9DACD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C9BBFA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C9CBBC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C9C731
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C9C958
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C9BB39
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C9C7D6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C9C884
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00C9BFC3
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2504] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00C9CA9C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat AE9FBD20
Device \FileSystem\Fastfat \Fat AEA028C1

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#5 mercuryrsng

Posted 02 February 2012 - 10:09 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-02 21:20:04
-----------------------------
21:20:04.415 OS Version: Windows 5.1.2600 Service Pack 3
21:20:04.415 Number of processors: 1 586 0xD06
21:20:04.415 ComputerName: IBM-BB3D939A762 UserName: IBM USER
21:20:05.357 Initialize success
21:25:17.976 AVAST engine defs: 12020202
21:25:53.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:25:53.878 Disk 0 Vendor: HTS424040M9AT00 MA2IA75A Size: 38154MB BusType: 3
21:25:54.038 Disk 0 MBR read successfully
21:25:54.038 Disk 0 MBR scan
21:25:54.088 Disk 0 unknown MBR code
21:25:54.148 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 33636 MB offset 63
21:25:54.168 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4518 MB offset 68886720
21:25:54.229 Disk 0 scanning sectors +78140160
21:25:54.599 Disk 0 scanning C:\WINDOWS\system32\drivers
21:26:20.166 Service scanning
21:26:21.588 Modules scanning
21:26:48.246 Disk 0 trace - called modules:
21:26:48.266 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:26:48.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a719ab8]
21:26:48.587 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000081[0x8a6ddf18]
21:26:48.587 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a724d98]
21:26:49.057 AVAST engine scan C:\WINDOWS
21:27:36.225 AVAST engine scan C:\WINDOWS\system32
21:28:24.795 File: C:\WINDOWS\system32\igfxrhebh.dll **INFECTED** Win32:Diller-C [Trj]
21:31:32.204 AVAST engine scan C:\WINDOWS\system32\drivers
21:31:58.282 AVAST engine scan C:\Documents and Settings\IBM USER
21:33:33.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\MBR.dat"
21:33:33.359 The log file has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\aswMBR.txt"

#6 mercuryrsng

Posted 02 February 2012 - 10:11 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by IBM USER (administrator) on 02-02-2012 at 21:24:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 6529 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Disconnected)
Wireless-G Notebook Adapter WPC54G V3 = Wireless Network Connection 2 (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : IBM-BB3D939A762

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0A-E4-38-73-D1



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Wireless-G Notebook Adapter WPC54G V3

Physical Address. . . . . . . . . : 00-18-F8-C5-91-34

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.23

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, February 02, 2012 5:27:00 PM

Lease Expires . . . . . . . . . . : Friday, February 03, 2012 5:27:00 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.104, 74.125.115.105, 74.125.115.106, 74.125.115.147
74.125.115.99, 74.125.115.103



Pinging google.com [206.53.61.77] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 206.53.61.77:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=154ms TTL=48

Reply from 209.191.122.70: bytes=32 time=54ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 154ms, Average = 104ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a e4 38 73 d1 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 18 f8 c5 91 34 ...... Wireless-G Notebook Adapter WPC54G V3 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.23 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.23 192.168.1.23 20
192.168.1.0 255.255.255.0 192.168.1.23 192.168.1.23 25
192.168.1.23 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.23 192.168.1.23 25
224.0.0.0 240.0.0.0 192.168.1.23 192.168.1.23 25
255.255.255.255 255.255.255.255 192.168.1.23 2 1
255.255.255.255 255.255.255.255 192.168.1.23 192.168.1.23 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2012 02:04:49 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (02/02/2012 02:03:57 PM) (Source: Application Error) (User: )
Description: Faulting application ccSvcHst.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (ccSvcHst.exe!ld!)

Error: (02/02/2012 01:40:45 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (02/01/2012 11:09:25 PM) (Source: Application Hang) (User: )
Description: Hanging application Safari.exe, version 5.33.21.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/21/2011 07:01:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/21/2011 07:01:29 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/21/2011 07:01:24 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/21/2011 07:01:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/19/2011 07:01:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/19/2011 07:01:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/02/2012 02:15:07 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/02/2012 02:13:38 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/02/2012 02:13:24 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/02/2012 02:03:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Error: (02/02/2012 02:03:02 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.

Error: (02/02/2012 02:02:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Error: (02/02/2012 02:02:02 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (02/02/2012 02:01:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (02/01/2012 11:38:38 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf8548ac, parameter3 ef5c5ac4, parameter4 00000000.

Error: (02/01/2012 10:56:13 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (02/02/2012 02:04:49 PM) (Source: Application Error)(User: )
Description: svchost.exe0.0.0.0unknown0.0.0.000000000

Error: (02/02/2012 02:03:57 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe0.0.0.0unknown0.0.0.000000000

Error: (02/02/2012 01:40:45 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (02/01/2012 11:09:25 PM) (Source: Application Hang)(User: )
Description: Safari.exe5.33.21.1hungapp0.0.0.000000000

Error: (12/21/2011 07:01:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/21/2011 07:01:29 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/21/2011 07:01:24 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/21/2011 07:01:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/19/2011 07:01:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/19/2011 07:01:50 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Access IBM (Version: 4.51)
Access IBM Message Center (Version: 2.100)
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.0)
Adobe Reader 7.0.9 (Version: 7.0.9)
Adobe Shockwave Player (Version: 11)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.1.116)
Bonjour (Version: 2.0.5.0)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
FlipShare (Version: 5.0.5.52727)
Google Chrome (Version: 16.0.912.77)
Google Update Helper (Version: 1.3.21.99)
IBM 32-bit Runtime Environment for Java 2, v1.4.1 (Version: 1.4.1)
IBM Access Connections (Version: 3.30)
IBM DLA (Version: 4.95)
IBM Integrated 56K Modem (Version: 7.02.03)
IBM RecordNow! (Version: 7.22)
IBM Rescue and Recovery with Rapid Restore (Version: 1.00.0033.004)
IBM Themes (Version: 1.00.0000)
IBM ThinkPad Battery MaxiMiser and Power Management Features (Version: 1.37)
IBM ThinkPad Configuration (Version: 1.36)
IBM ThinkPad EasyEject Utility (Version: 2.04)
IBM ThinkPad Keyboard Customizer Utility (Version: 1.2.92.0)
IBM ThinkPad Power Management Driver (Version: 1.26)
IBM ThinkPad Presentation Director (Version: 2.31)
IBM ThinkVantage Technologies Welcome Message (Version: 1.00)
IBM TrackPoint Accessibility Features (Version: 1.06.0.0)
IBM TrackPoint Support (Version: 3.12.0.0)
IBM Update Connector (Version: 6.10)
IncrediMail Xe (Version: 5.2.5.2670)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.3879)
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD (Version: 5.0-B11.250)
iTunes (Version: 10.3.1.55)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers (Version: 10.0.6626.0)
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.6.0)
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Odyssey Client (Version: )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PCFriendly
QuickTime (Version: 7.69.80.9)
Rhapsody Player Engine (Version: 1.0.2.636)
Royal Vegas Casino (Version: 16.2.0.5898)
Smilebox
Sonic Update Manager (Version: 2.9)
ThinkPad FullScreen Magnifier (Version: 1.10)
ThinkPad Software Installer (Version: 2.30.0481)
Ultimate Writing & Creativity Center
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Wallpapers (Version: 2.0)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Wireless-G Notebook Adapter
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2038.42 MB
Available physical RAM: 1355.02 MB
Total Pagefile: 2645.07 MB
Available Pagefile: 2217.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

1 Drive c: (IBM_PRELOAD) (Fixed) (Total:32.85 GB) (Free:0.27 GB) NTFS

========================= Users: ========================================

User accounts for \\IBM-BB3D939A762

Administrator ASPNET Guest
HelpAssistant IBM USER SUPPORT_388945a0


**** End of log ****

It looks like aswMBR is still scanning so that result may not be accurate.

Thanks!

#7 mercuryrsng

Posted 02 February 2012 - 10:21 PM

Here is the most up to date aswMBR scan log



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-02 21:20:04
-----------------------------
21:20:04.415 OS Version: Windows 5.1.2600 Service Pack 3
21:20:04.415 Number of processors: 1 586 0xD06
21:20:04.415 ComputerName: IBM-BB3D939A762 UserName: IBM USER
21:20:05.357 Initialize success
21:25:17.976 AVAST engine defs: 12020202
21:25:53.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:25:53.878 Disk 0 Vendor: HTS424040M9AT00 MA2IA75A Size: 38154MB BusType: 3
21:25:54.038 Disk 0 MBR read successfully
21:25:54.038 Disk 0 MBR scan
21:25:54.088 Disk 0 unknown MBR code
21:25:54.148 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 33636 MB offset 63
21:25:54.168 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4518 MB offset 68886720
21:25:54.229 Disk 0 scanning sectors +78140160
21:25:54.599 Disk 0 scanning C:\WINDOWS\system32\drivers
21:26:20.166 Service scanning
21:26:21.588 Modules scanning
21:26:48.246 Disk 0 trace - called modules:
21:26:48.266 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:26:48.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a719ab8]
21:26:48.587 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000081[0x8a6ddf18]
21:26:48.587 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a724d98]
21:26:49.057 AVAST engine scan C:\WINDOWS
21:27:36.225 AVAST engine scan C:\WINDOWS\system32
21:28:24.795 File: C:\WINDOWS\system32\igfxrhebh.dll **INFECTED** Win32:Diller-C [Trj]
21:31:32.204 AVAST engine scan C:\WINDOWS\system32\drivers
21:31:58.282 AVAST engine scan C:\Documents and Settings\IBM USER
21:33:33.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\MBR.dat"
21:33:33.359 The log file has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\aswMBR.txt"
21:40:05.713 AVAST engine scan C:\Documents and Settings\All Users
22:19:59.315 Scan finished successfully
22:20:10.230 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\MBR.dat"
22:20:10.230 The log file has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\aswMBR.txt"

#8 narenxp

Posted 02 February 2012 - 11:31 PM

I want you to run TDSSkiller once and select DELETE option for TDSSfilesystem

Download

http://go.microsoft.com/?linkid=9668866

Run the fixit, restart the PC, run minitoolbox again, check HOSTS option alone and post the log

Navigate to C:\WINDOWS\system32\igfxrhebh.dll

Upload the file to

https://www.virustotal.com/

Click on SCAN file and post the generated log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 02 February 2012 - 11:32 PM.


#9 mercuryrsng

Posted 13 February 2012 - 01:00 AM

Hey there,

I thank you for your responses, but I just ended up formatting the computer. It was the easiest thing to do and the person who owned it had nothing on it anyways.

Thanks again!!!!

#10 narenxp

Posted 13 February 2012 - 01:09 AM

No problem :thumbsup:

Thanks for letting us know :thumbup2:

safe surfing



