Google Redirect Virus


10 replies to this topic

#1 mattbenedetti

Posted 08 October 2011 - 05:20 PM

Hello masters of the techno-verse...

I posted in this section a couple of days ago about a Google redirect virus infection, but I think I may have been a little vague and have yet to hear a response. I hope that this isn't violating any etiquette. I know you are all very busy helping other people, and I am being patient... but I am getting worried that this virus is going to attack my browser, in which case I won't be able to communicate with your volunteers, so I thought I would post again with a little more description, because this virus is getting worse, and attacking more programs.

The virus first revealed itself by sending about a half dozen pop-ups from Windows Security Center that were telling me that programs like 'real player' and 'wrcon.exe' and other Microsoft programs were questionable, and asking if I should block them or allow them. I just left the windows open, because I wasn't sure what to do. The next time I used my web browser, Google would redirect me to ad sites. I went and downloaded Malwarebytes to run a scan, and malware would open for a moment, and then close before the scan began, and then the icon changed from the 'M' to an unknown file type icon. In the past 2 days, more programs have stopped running. I am unable to run video files, or any malware scan software, and I'm sure there are other programs that have been infected that I have not tried to open yet.

I apologize for the double post, but I am worried that once my browser is infected and rendered inoperable, that I won't be able to communicate with you and will be up that proverbial creek without a paddle, because this is my only computer.

I understand that there is going to be a wait, but if someone could just tell me if I should shut down my computer so the virus doesn't spread, that would be great, because I work from my computer and have been using it, and I don't know if this is opening me up for further damage.

Thanks so much everyone!



#2 boopme


Posted 08 October 2011 - 10:13 PM

OK, I'll close that in case someone decides to reply there.

Try running this, then MBAM again.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




Use Inherit.exe to fix inappropriate permissions.
Use this fix when you see a box that states “Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item”.

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note:
When using the "Reset FF Proxy Settings" option, Firefox should be closed.
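The log this procedure asks for is long, and almost every entry ends in "- ok". As an added example (not part of the original post and not Kaspersky's code), the Python below reads a log in the line format seen in this thread and returns only the objects that received a verdict, plus any object whose result line is missing because the paste was cut short. The sample lines and their hashes are constructed placeholders, and the regular expressions assume the 2.6.x layout shown on this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line: HH:MM:SS.mmmm <thread-id> <message>
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>" announces an object about to be checked.
OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<name> - ok" closes a clean object (some objects have no announce line).
OK = re.compile(r"^(.+?) - ok$")
# "<name> ( <verdict> ) - infected|warning" closes a flagged object.
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "Suspicious file (Forged|Hidden): <path>. ..." carries one or two hashes.
SUSPICIOUS = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. "
    r"(?:Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})|md5: ([0-9a-f]{32}))$"
)

# Constructed sample: hashes are placeholders, names and paths are illustrative.
# The last object has no result line, as in a paste that was cut off.
SAMPLE_LOG = r"""
20:46:58.0447 3416 Scan started
20:46:59.0180 3416 a1b2c3d4 (11111111111111111111111111111111) C:\Windows\1111111111:2222222222.exe
20:46:59.0180 3416 Suspicious file (Hidden): C:\Windows\1111111111:2222222222.exe. md5: 11111111111111111111111111111111
20:46:59.0180 3416 a1b2c3d4 ( HiddenFile.Multi.Generic ) - warning
20:46:59.0180 3416 a1b2c3d4 - detected HiddenFile.Multi.Generic (1)
20:46:59.0289 3416 ACPI (22222222222222222222222222222222) C:\Windows\system32\drivers\acpi.sys
20:46:59.0305 3416 ACPI - ok
20:47:03.0298 3416 IpInIp - ok
20:47:03.0517 3416 kbdclass (33333333333333333333333333333333) C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:03.0517 3416 Suspicious file (Forged): C:\Windows\system32\DRIVERS\kbdclass.sys. Real md5: 33333333333333333333333333333333, Fake md5: 44444444444444444444444444444444
20:47:03.0517 3416 kbdclass ( Rootkit.Win32.ZAccess.e ) - infected
20:47:03.0517 3416 kbdclass - detected Rootkit.Win32.ZAccess.e (0)
20:47:03.0532 3416 kbdhid (55555555555555555555555555555555) C:\Windows\system32\DRIVERS\kbdhid.sys
"""


@dataclass
class Finding:
    name: str                       # service/driver name as logged
    verdict: str                    # detection name, e.g. Rootkit.Win32.ZAccess.e
    status: str                     # "infected" or "warning"
    path: Optional[str] = None
    md5: Optional[str] = None       # the hash the log labels "Real md5" (or the only one)
    flag: Optional[str] = None      # "Forged" or "Hidden" from the Suspicious line
    fake_md5: Optional[str] = None  # the hash the log labels "Fake md5", if any


def triage(log_text):
    """Return (findings, ok_count, unresolved_names) for a pasted log."""
    objects = {}     # name -> (md5, path)
    flags = {}       # lower-cased path -> (flag, real_md5, fake_md5)
    resolved = set()
    findings = []
    ok_count = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                 # blank lines, separators, forum debris
        msg = m.group(3).strip()
        if (s := SUSPICIOUS.match(msg)):
            flag, path, real, fake, single = s.groups()
            flags[path.lower()] = (flag, real or single, fake)
        elif (v := VERDICT.match(msg)):
            name, verdict, status = v.groups()
            md5, path = objects.get(name, (None, None))
            flag, real, fake = flags.get((path or "").lower(), (None, None, None))
            findings.append(Finding(name, verdict, status, path, real or md5, flag, fake))
            resolved.add(name)
        elif (o := OK.match(msg)):
            ok_count += 1
            resolved.add(o.group(1))
        elif (ob := OBJECT.match(msg)):
            objects[ob.group(1)] = (ob.group(2), ob.group(3))
    # Objects that were announced but never got "- ok" or a verdict:
    # the log was truncated, so the scan result for them is unknown.
    unresolved = sorted(set(objects) - resolved)
    return findings, ok_count, unresolved


if __name__ == "__main__":
    found, clean, pending = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.status.upper():8} {f.name}: {f.verdict} [{f.flag}] {f.path}")
    print(f"{clean} objects ok; no result logged for: {pending}")
```

An "unresolved" entry is not a detection; it only means the pasted text ended before that object's result line, so the full log file should be read instead.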

#3 mattbenedetti


Posted 08 October 2011 - 10:52 PM

TDSSKiller

20:46:29.0119 5424 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
20:46:29.0493 5424 ============================================================
20:46:29.0493 5424 Current date / time: 2011/10/08 20:46:29.0493
20:46:29.0493 5424 SystemInfo:
20:46:29.0493 5424
20:46:29.0493 5424 OS Version: 6.0.6001 ServicePack: 1.0
20:46:29.0493 5424 Product type: Workstation
20:46:29.0493 5424 ComputerName: DUSTIN-PC
20:46:29.0493 5424 UserName: Dustin
20:46:29.0493 5424 Windows directory: C:\Windows
20:46:29.0493 5424 System windows directory: C:\Windows
20:46:29.0493 5424 Processor architecture: Intel x86
20:46:29.0493 5424 Number of processors: 2
20:46:29.0493 5424 Page size: 0x1000
20:46:29.0493 5424 Boot type: Normal boot
20:46:29.0493 5424 ============================================================
20:46:30.0429 5424 Initialize success
20:46:58.0447 3416 ============================================================
20:46:58.0447 3416 Scan started
20:46:58.0447 3416 Mode: Manual;
20:46:58.0447 3416 ============================================================
20:46:59.0180 3416 49e51e7e (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2115953993:3055214977.exe
20:46:59.0180 3416 Suspicious file (Hidden): C:\Windows\2115953993:3055214977.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
20:46:59.0180 3416 49e51e7e ( HiddenFile.Multi.Generic ) - warning
20:46:59.0180 3416 49e51e7e - detected HiddenFile.Multi.Generic (1)
20:47:03.0517 3416 kbdclass (1e9ba92f2b971f07b0772b9f805f5a0c) C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:03.0517 3416 Suspicious file (Forged): C:\Windows\system32\DRIVERS\kbdclass.sys. Real md5: 1e9ba92f2b971f07b0772b9f805f5a0c, Fake md5: 37605e0a8cf00cbba538e753e4344c6e
20:47:03.0517 3416 kbdclass ( Rootkit.Win32.ZAccess.e ) - infected
20:47:03.0517 3416 kbdclass - detected Rootkit.Win32.ZAccess.e (0)
20:47:07.0698 3416 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:47:07.0698 3416 Symc8xx - ok
20:47:07.0729 3416 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:47:07.0729 3416 Sym_hi - ok
20:47:07.0744 3416 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:47:07.0744 3416 Sym_u3 - ok
20:47:07.0854 3416 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:47:07.0869 3416 Tcpip - ok
20:47:07.0900 3416 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:47:07.0916 3416 Tcpip6 - ok
20:47:07.0932 3416 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:47:07.0932 3416 tcpipreg - ok
20:47:07.0947 3416 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:47:07.0947 3416 TDPIPE - ok
20:47:07.0963 3416 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:47:07.0978 3416 TDTCP - ok
20:47:07.0994 3416 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:47:08.0010 3416 tdx - ok
20:47:08.0025 3416 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:47:08.0025 3416 TermDD - ok
20:47:08.0088 3416 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:08.0088 3416 tssecsrv - ok
20:47:08.0103 3416 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:47:08.0103 3416 tunmp - ok
20:47:08.0166 3416 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:47:08.0181 3416 tunnel - ok
20:47:08.0197 3416 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:47:08.0197 3416 uagp35 - ok
20:47:08.0228 3416 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
20:47:08.0228 3416 UBHelper - ok
20:47:08.0259 3416 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:47:08.0259 3416 udfs - ok
20:47:08.0322 3416 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:47:08.0322 3416 uliagpkx - ok
20:47:08.0353 3416 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:47:08.0353 3416 uliahci - ok
20:47:08.0384 3416 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:47:08.0384 3416 UlSata - ok
20:47:08.0415 3416 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:47:08.0415 3416 ulsata2 - ok
20:47:08.0431 3416 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:47:08.0431 3416 umbus - ok
20:47:08.0493 3416 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
20:47:08.0493 3416 USBAAPL - ok
20:47:08.0509 3416 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:08.0524 3416 usbccgp - ok
20:47:08.0571 3416 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:47:08.0571 3416 usbcir - ok
20:47:08.0602 3416 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:47:08.0602 3416 usbehci - ok
20:47:08.0665 3416 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:47:08.0665 3416 usbhub - ok
20:47:08.0680 3416 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
20:47:08.0696 3416 usbohci - ok
20:47:08.0727 3416 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:47:08.0727 3416 usbprint - ok
20:47:08.0774 3416 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:47:08.0790 3416 usbscan - ok
20:47:08.0821 3416 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:08.0836 3416 USBSTOR - ok
20:47:08.0868 3416 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:47:08.0868 3416 usbuhci - ok
20:47:08.0899 3416 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:47:08.0899 3416 usbvideo - ok
20:47:08.0930 3416 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:08.0930 3416 vga - ok
20:47:08.0946 3416 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:47:08.0946 3416 VgaSave - ok
20:47:08.0977 3416 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:47:08.0977 3416 viaagp - ok
20:47:08.0992 3416 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:47:08.0992 3416 ViaC7 - ok
20:47:09.0008 3416 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:47:09.0024 3416 viaide - ok
20:47:09.0024 3416 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:47:09.0039 3416 volmgr - ok
20:47:09.0070 3416 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:47:09.0070 3416 volmgrx - ok
20:47:09.0086 3416 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:47:09.0086 3416 volsnap - ok
20:47:09.0117 3416 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:47:09.0117 3416 vsmraid - ok
20:47:09.0148 3416 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:47:09.0148 3416 WacomPen - ok
20:47:09.0164 3416 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:47:09.0180 3416 Wanarp - ok
20:47:09.0180 3416 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:47:09.0180 3416 Wanarpv6 - ok
20:47:09.0211 3416 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:47:09.0211 3416 Wd - ok
20:47:09.0273 3416 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
20:47:09.0273 3416 WDC_SAM - ok
20:47:09.0304 3416 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:47:09.0320 3416 Wdf01000 - ok
20:47:09.0414 3416 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:47:09.0414 3416 WmiAcpi - ok
20:47:09.0507 3416 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:47:09.0507 3416 WpdUsb - ok
20:47:09.0538 3416 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:47:09.0538 3416 ws2ifsl - ok
20:47:09.0616 3416 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:47:09.0616 3416 WUDFRd - ok
20:47:09.0694 3416 ztemtusbser (20f4f87625edddb97b48da66ace7dc8d) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
20:47:09.0710 3416 ztemtusbser - ok
20:47:09.0788 3416 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:47:09.0819 3416 \Device\Harddisk0\DR0 - ok
20:47:09.0819 3416 Boot (0x1200) (fbb5ea6d4dadbac4e423a1481d3aa9c8) \Device\Harddisk0\DR0\Partition0
20:47:09.0819 3416 \Device\Harddisk0\DR0\Partition0 - ok
20:47:09.0819 3416 ============================================================
20:47:09.0819 3416 Scan finished
20:47:09.0819 3416 ============================================================
20:47:09.0850 4292 Detected object count: 2
20:47:09.0850 4292 Actual detected object count: 2
20:47:22.0408 4292 HKLM\SYSTEM\ControlSet001\services\49e51e7e - will be deleted on reboot
20:47:22.0486 4292 HKLM\SYSTEM\ControlSet002\services\49e51e7e - will be deleted on reboot
20:47:22.0518 4292 C:\Windows\2115953993:3055214977.exe - will be deleted on reboot
20:47:22.0518 4292 49e51e7e ( HiddenFile.Multi.Generic ) - User select action: Delete
20:47:28.0789 4292 Backup copy not found, trying to cure infected file..
20:47:28.0789 4292 Cure success, using it..
20:47:28.0789 4292 C:\Windows\system32\DRIVERS\kbdclass.sys - will be cured on reboot
20:47:28.0789 4292 kbdclass ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

MiniToolBox by Farbar
Ran by Dustin (administrator) on 08-10-2011 at 20:45:02
Windows Vista ™ Home Basic Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dustin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : att.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-25-56-64-82-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6cff:2f16:f710:f18c%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October-08-11 8:34:18 PM
Lease Expires . . . . . . . . . . : October-09-11 8:34:18 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : isatap.att.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c7f:2c9d:93b4:8db9(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c7f:2c9d:93b4:8db9%74(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled


Pinging google.com [74.125.224.51] with 32 bytes of data:

Reply from 74.125.224.51: bytes=32 time=19ms TTL=53

Reply from 74.125.224.51: bytes=32 time=19ms TTL=53



Ping statistics for 74.125.224.51:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 19ms, Average = 19ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=54ms TTL=54

Reply from 209.191.122.70: bytes=32 time=54ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 54ms, Average = 54ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 25 56 64 82 f0 ...... Broadcom 802.11g Network Adapter
1 ........................... Software Loopback Interface 1
75 ...00 00 00 00 00 00 00 e0 isatap.att.net
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
74 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
15 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
16 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
17 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
20 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
21 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
22 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
24 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
25 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
26 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
27 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
29 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
30 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
32 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
34 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
35 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
36 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
37 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
40 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
41 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
42 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
45 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
46 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
47 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
49 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
50 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
51 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
52 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
53 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
54 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
55 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
56 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
57 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
58 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
60 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
59 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
71 ...00 00 00 00 00 00 00 e0 isatap.{80308937-6715-49EB-AA69-A3A2619AD3C4}
61 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
62 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
64 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
65 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
66 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
67 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
68 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
69 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
70 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
73 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
72 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 281
192.168.1.65 255.255.255.255 On-link 192.168.1.65 281
192.168.1.255 255.255.255.255 On-link 192.168.1.65 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
74 18 ::/0 On-link
1 306 ::1/128 On-link
74 18 2001::/32 On-link
74 266 2001:0:4137:9e76:3c7f:2c9d:93b4:8db9/128
On-link
10 281 fe80::/64 On-link
74 266 fe80::/64 On-link
74 266 fe80::3c7f:2c9d:93b4:8db9/128
On-link
10 281 fe80::6cff:2f16:f710:f18c/128
On-link
1 306 ff00::/8 On-link
74 266 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/08/2011 08:45:07 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x1088, application start time 0xnslookup.exe0.

Error: (10/08/2011 08:45:04 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x1274, application start time 0xnslookup.exe0.

Error: (10/08/2011 08:43:07 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x12d0, application start time 0xnslookup.exe0.

Error: (10/08/2011 08:42:51 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x128c, application start time 0xnslookup.exe0.

Error: (10/08/2011 08:37:08 PM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.0.1.22, time stamp 0x4c9c6091, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0043850e,
process id 0x15a4, application start time 0xiPodService.exe0.

Error: (10/08/2011 08:37:03 PM) (Source: Application Error) (User: )
Description: Faulting application IScheduleSvc.exe, version 1.0.0.26, time stamp 0x499a8206, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x004055f0,
process id 0x13e4, application start time 0xIScheduleSvc.exe0.

Error: (10/08/2011 08:35:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2011 08:35:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2011 08:35:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2011 08:35:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/03/2011 04:13:48 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:01:04 AM on 03/07/2011 was unexpected.

Error: (07/02/2011 10:43:54 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: Wmi%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: WmdmPmSp%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: uploadmgr%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: SRService%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: PCAudit%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: Nwsapagent%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: NWCWorkstation%%2

Error: (07/02/2011 10:43:47 PM) (Source: Service Control Manager) (User: )
Description: Ntmssvc%%2


Microsoft Office Sessions:
=========================
Error: (01/03/2011 06:06:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40300 seconds with 720 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Acer Arcade Deluxe (Version: 2.5.6311)
Acer Backup Manager (Version: 1.0.0.26)
Acer ePower Management (Version: 4.00.3006)
Acer eRecovery Management (Version: 4.00.3006)
Acer GridVista (Version: 2.75.825)
Acer Registration
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9 (Version: 9.0.0)
ALPS Touch Pad Driver (Version: Version 7.2.2002.202)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.3.127)
AT&T Communication Manager (Version: 6.8.16.0)
ATI Catalyst Install Manager (Version: 3.0.704.0)
µTorrent (Version: 2.0.3)
Backup Manager Basic (Version: 1.0.0.26)
Baseball Mogul 2012 (Version: 14.00)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 2.0.3.0)
BufferChm (Version: 100.0.170.000)
Carbonite Online Backup Setup (Version: 3.7.0)
Catalyst Control Center Core Implementation (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Standard (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Czech (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Greek (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Hungarian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Korean (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Polish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Portuguese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Russian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Thai (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Turkish (Version: 2008.1210.1623.29379)
ccc-core-static (Version: 2008.1210.1623.29379)
ccc-utility (Version: 2008.1210.1623.29379)
CCC Help Chinese Standard (Version: 2008.1210.1622.29379)
CCC Help Chinese Traditional (Version: 2008.1210.1622.29379)
CCC Help Czech (Version: 2008.1210.1622.29379)
CCC Help Danish (Version: 2008.1210.1622.29379)
CCC Help Dutch (Version: 2008.1210.1622.29379)
CCC Help English (Version: 2008.1210.1622.29379)
CCC Help Finnish (Version: 2008.1210.1622.29379)
CCC Help French (Version: 2008.1210.1622.29379)
CCC Help German (Version: 2008.1210.1622.29379)
CCC Help Greek (Version: 2008.1210.1622.29379)
CCC Help Hungarian (Version: 2008.1210.1622.29379)
CCC Help Italian (Version: 2008.1210.1622.29379)
CCC Help Japanese (Version: 2008.1210.1622.29379)
CCC Help Korean (Version: 2008.1210.1622.29379)
CCC Help Norwegian (Version: 2008.1210.1622.29379)
CCC Help Polish (Version: 2008.1210.1622.29379)
CCC Help Portuguese (Version: 2008.1210.1622.29379)
CCC Help Russian (Version: 2008.1210.1622.29379)
CCC Help Spanish (Version: 2008.1210.1622.29379)
CCC Help Swedish (Version: 2008.1210.1622.29379)
CCC Help Thai (Version: 2008.1210.1622.29379)
CCC Help Turkish (Version: 2008.1210.1622.29379)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.41.3.0173)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
Driver Installer (Version: 2.2.0.536)
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
Free Video to iPhone Converter version 3.3.0.712
Google Chrome (Version: 14.0.835.202)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.0.3.2197)
Google Talk Plugin (Version: 2.3.2.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
GPBaseService (Version: 100.0.187.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
iTunes (Version: 10.0.1.22)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Jing (Version: 2.4.10231)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 0.0.01)
Maia Mechanics Imaging (Version: 2.6.7)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.6.0)
Modem AC2726i UI
Motorola Driver Installation (Version: 2.8.0)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-GB))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyWinLocker (Version: 3.1.36.0)
Nokia Connectivity Adapter Cable DKU-5
NTI Backup Now 5 (Version: 5.1.2.616)
NTI Backup Now Standard (Version: 5.1.2.616)
NTI Media Maker 8 (Version: 8.0.12.6509)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.68.75.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5776)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20118)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 10.0.0.0)
Shop for HP Supplies (Version: 10.0)
Skins (Version: 2008.1210.1623.29379)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 1.1.9 (Version: 1.1.9)
Vyzex MPD26 (Version: Vyzex MPD26 v1.00)
Warcraft III Reign of Chaos & The Frozen Throne
WebReg (Version: 100.0.170.000)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Xilisoft Video Converter Ultimate 6 (Version: 6.6.0.0623)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2813.38 MB
Available physical RAM: 1728.23 MB
Total Pagefile: 5837.31 MB
Available Pagefile: 4614.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.9 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:222.88 GB) (Free:61.51 GB) NTFS

========================= Users: ========================================

User accounts for \\DUSTIN-PC

Administrator Beau Dustin
Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini010811-01.dmp
C:\Windows\Minidump\Mini010811-02.dmp
C:\Windows\Minidump\Mini010811-03.dmp
C:\Windows\Minidump\Mini032311-01.dmp
C:\Windows\Minidump\Mini032311-02.dmp
C:\Windows\Minidump\Mini032411-01.dmp
C:\Windows\Minidump\Mini040311-01.dmp
C:\Windows\Minidump\Mini050511-01.dmp
C:\Windows\Minidump\Mini052411-01.dmp
C:\Windows\Minidump\Mini062111-01.dmp
C:\Windows\Minidump\Mini062311-01.dmp
C:\Windows\Minidump\Mini062411-01.dmp
C:\Windows\Minidump\Mini062911-01.dmp
C:\Windows\Minidump\Mini070211-01.dmp
C:\Windows\Minidump\Mini070211-02.dmp
C:\Windows\Minidump\Mini070311-01.dmp
C:\Windows\Minidump\Mini070411-01.dmp
C:\Windows\Minidump\Mini070611-01.dmp
C:\Windows\Minidump\Mini070911-01.dmp
C:\Windows\Minidump\Mini070911-02.dmp
C:\Windows\Minidump\Mini071111-01.dmp
C:\Windows\Minidump\Mini081710-01.dmp
C:\Windows\Minidump\Mini100711-01.dmp
C:\Windows\Minidump\Mini100811-01.dmp
C:\Windows\Minidump\Mini100811-02.dmp
C:\Windows\Minidump\Mini100811-03.dmp
C:\Windows\Minidump\Mini102409-01.dmp
C:\Windows\Minidump\Mini102509-01.dmp
C:\Windows\Minidump\Mini102609-01.dmp
C:\Windows\Minidump\Mini102709-01.dmp
C:\Windows\Minidump\Mini111810-01.dmp
C:\Windows\Minidump\Mini121810-01.dmp
C:\Windows\Minidump\Mini122610-01.dmp

**** End of log ****

note**

I ran TDSSKiller twice, because I didn't save the log... One of the threats was a hidden file, which I selected to delete. After selecting 'cure' and 'delete', rebooting, and then running TDSSKiller again, they were both still there.

...

Should I run a full scan on Malwarebytes now?

#4 mattbenedetti


Posted 08 October 2011 - 10:59 PM

I went ahead and tried Malwarebytes, and the program was killed/crashed 3 seconds into its scan.

#5 boopme


Posted 09 October 2011 - 06:17 PM

Hell, looks like a ZeroAccess rootkit is buried in here.

Webroot's AntiZeroAccess tool

Only for 32 bit systems.

Please download Webroot's AntiZeroAccess tool to your desktop.
Double-click antizeroaccess.exe and run the tool.
NOTE: Vista and Win7 right-click and select Run as administrator.
Type Y and press ENTER to run the scan.
When finished a log entitled AntiZeroAccess_Log.txt will be created on your desktop.
Please copy and paste that log in your next reply.


Run TDSSKiller again.

#6 mattbenedetti


Posted 09 October 2011 - 09:11 PM

My computer forced me to revert it to an earlier date. Malwarebytes was then able to run. A full scan detected 137 infected objects. Here is the log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7910

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

09/10/2011 5:46:41 PM
mbam-log-2011-10-09 (17-45-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 351506
Time elapsed: 1 hour(s), 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 81
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Video Library (Trojan.Agent) -> Value: Video Library -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790773B2765A573FAE91 (Malware.Trace) -> Value: SRS_IT_E8790773B2765A573FAE91 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
c:\Users\Dustin\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\Users\Dustin\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64} (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences (Adware.ScanQuery) -> No action taken.

Files Infected:
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatolitesahook.dll (Adware.HotBar.Gen) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\launchhelp.dll (Adware.Seekmo) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\Users\Dustin\AppData\Local\49e51e7e\U\80000000.@ (Spyware.Agent) -> No action taken.
c:\Users\Dustin\downloads\VLCSetup.exe (Adware.Hotbar) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome.manifest (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\install.rdf (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome\scanquery.jar (Adware.ScanQuery) -> No action taken.
c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> No action taken.

#7 boopme


Posted 09 October 2011 - 09:21 PM

OK, that was good.
That log says "No action taken". Did you copy the log before hitting the Remove Selected button?
Otherwise you need to rerun it.




Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, then install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#8 mattbenedetti


Posted 10 October 2011 - 10:03 AM

Since my last post, the virus completely locked up my computer. Most programs were rendered inoperable and my browser has disappeared. In order to log back on, I was forced to do a full system restore, which I did using the internal software (I don't have the disc) by pressing Alt+F10 and following the prompts.

Drive C was reformatted, and all of my data was lost.

As soon as I was back online, I reinstalled Malwarebytes, and rescanned. I then followed the instructions you gave in the last post, however, ATF was not available (I think because I am using Windows Vista, but you may want to check that link)... so as of now, I have run Malwarebytes, AntiZeroAccess, TDSSKiller, and SUPERAntiSpyware on my fresh system.

It looks like rootkit and some spyware threats were still present... here are the logs.

MALWAREBYTES

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7912

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/10/2011 1:03:37 AM
mbam-log-2011-10-10 (01-03-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 227849
Time elapsed: 1 hour(s), 20 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------

ANTIZEROACCESS

Webroot AntiZeroAccess 0.8 Log File
Execution time: 10/10/2011 - 06:55
Host operation System: Windows Vista X86 version 6.0.6001 Service Pack 1
06:55:15 - CheckSystem - Begin to check system...
06:55:15 - OpenRootDrive - Opening system root volume and physical drive....
06:55:15 - C Root Drive: Disk number: 0 Start sector: 0x01402800 Partition Size: 0x1BDC2800 sectors.
06:55:16 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
06:55:16 - InstallAndStartDriver - Main driver was installed and now is running.
06:55:16 - CheckSystem - Disk class driver state is OK.
06:55:21 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
06:55:21 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
06:55:21 - Execution Ended!


Webroot AntiZeroAccess 0.8 Log File
Execution time: 10/10/2011 - 06:56
Host operation System: Windows Vista X86 version 6.0.6001 Service Pack 1
06:56:04 - CheckSystem - Begin to check system...
06:56:04 - OpenRootDrive - Opening system root volume and physical drive....
06:56:04 - C Root Drive: Disk number: 0 Start sector: 0x01402800 Partition Size: 0x1BDC2800 sectors.
06:56:04 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
06:56:05 - InstallAndStartDriver - Main driver was installed and now is running.
06:56:05 - CheckSystem - Disk class driver state is OK.
06:56:07 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
06:56:07 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
06:56:07 - Execution Ended!


-------------------------------------------------------------------------------


TDSSKILLER

06:57:59.0574 4084 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
06:58:00.0448 4084 ============================================================
06:58:00.0448 4084 Current date / time: 2011/10/10 06:58:00.0448
06:58:00.0448 4084 SystemInfo:
06:58:00.0448 4084
06:58:00.0448 4084 OS Version: 6.0.6001 ServicePack: 1.0
06:58:00.0448 4084 Product type: Workstation
06:58:00.0448 4084 ComputerName: RAPTICUS-PC
06:58:00.0448 4084 UserName: Rapticus
06:58:00.0448 4084 Windows directory: C:\Windows
06:58:00.0448 4084 System windows directory: C:\Windows
06:58:00.0448 4084 Processor architecture: Intel x86
06:58:00.0448 4084 Number of processors: 2
06:58:00.0448 4084 Page size: 0x1000
06:58:00.0448 4084 Boot type: Normal boot
06:58:00.0448 4084 ============================================================
06:58:01.0961 4084 Initialize success
06:58:11.0664 5504 ============================================================
06:58:11.0664 5504 Scan started
06:58:11.0664 5504 Mode: Manual;
06:58:11.0664 5504 ============================================================
06:59:22.0238 5504 nsiproxy - ok
06:59:22.0753 5504 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
06:59:22.0784 5504 Ntfs - ok
06:59:23.0284 5504 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys
06:59:23.0284 5504 NTIDrvr - ok
06:59:23.0783 5504 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
06:59:23.0798 5504 ntrigdigi - ok
06:59:24.0266 5504 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
06:59:24.0266 5504 Null - ok
06:59:24.0719 5504 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
06:59:24.0719 5504 nvraid - ok
06:59:25.0187 5504 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
06:59:25.0187 5504 nvstor - ok
06:59:25.0639 5504 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
06:59:25.0639 5504 nv_agp - ok
06:59:26.0060 5504 NwlnkFlt - ok
06:59:26.0497 5504 NwlnkFwd - ok
06:59:27.0012 5504 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
06:59:27.0012 5504 ohci1394 - ok
06:59:27.0558 5504 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
06:59:27.0574 5504 Parport - ok
06:59:28.0042 5504 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
06:59:28.0042 5504 partmgr - ok
06:59:28.0525 5504 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
06:59:28.0525 5504 Parvdm - ok
06:59:29.0009 5504 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
06:59:29.0009 5504 pci - ok
06:59:29.0508 5504 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
06:59:29.0508 5504 pciide - ok
06:59:30.0023 5504 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
06:59:30.0038 5504 pcmcia - ok
06:59:30.0569 5504 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
06:59:30.0584 5504 PEAUTH - ok
06:59:31.0208 5504 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
06:59:31.0208 5504 PptpMiniport - ok
06:59:31.0676 5504 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
06:59:31.0676 5504 Processor - ok
06:59:32.0191 5504 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
06:59:32.0207 5504 PSched - ok
06:59:32.0784 5504 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
06:59:32.0800 5504 ql2300 - ok
06:59:33.0299 5504 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
06:59:33.0299 5504 ql40xx - ok
06:59:33.0829 5504 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
06:59:33.0829 5504 QWAVEdrv - ok
06:59:34.0297 5504 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
06:59:34.0313 5504 RasAcd - ok
06:59:34.0781 5504 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:59:34.0781 5504 Rasl2tp - ok
06:59:35.0264 5504 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
06:59:35.0264 5504 RasPppoe - ok
06:59:35.0748 5504 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
06:59:35.0748 5504 RasSstp - ok
06:59:36.0232 5504 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
06:59:36.0232 5504 rdbss - ok
06:59:36.0731 5504 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:59:36.0731 5504 RDPCDD - ok
06:59:37.0464 5504 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
06:59:37.0464 5504 rdpdr - ok
06:59:37.0932 5504 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
06:59:37.0932 5504 RDPENCDD - ok
06:59:38.0431 5504 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
06:59:38.0431 5504 RDPWD - ok
06:59:39.0008 5504 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
06:59:39.0008 5504 rspndr - ok
06:59:39.0508 5504 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
06:59:39.0508 5504 sbp2port - ok
06:59:40.0007 5504 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:59:40.0007 5504 secdrv - ok
06:59:40.0506 5504 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
06:59:40.0506 5504 Serenum - ok
06:59:40.0974 5504 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
06:59:40.0974 5504 Serial - ok
06:59:41.0442 5504 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
06:59:41.0442 5504 sermouse - ok
06:59:41.0941 5504 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
06:59:41.0941 5504 sffdisk - ok
06:59:42.0456 5504 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
06:59:42.0456 5504 sffp_mmc - ok
06:59:42.0924 5504 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
06:59:42.0924 5504 sffp_sd - ok
06:59:43.0423 5504 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
06:59:43.0423 5504 sfloppy - ok
06:59:43.0907 5504 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
06:59:43.0907 5504 sisagp - ok
06:59:44.0406 5504 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
06:59:44.0406 5504 SiSRaid2 - ok
06:59:44.0890 5504 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
06:59:44.0890 5504 SiSRaid4 - ok
06:59:45.0389 5504 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
06:59:45.0389 5504 Smb - ok
06:59:45.0888 5504 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
06:59:45.0888 5504 spldr - ok
06:59:46.0387 5504 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
06:59:46.0387 5504 srv - ok
06:59:46.0855 5504 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
06:59:46.0871 5504 srv2 - ok
06:59:47.0354 5504 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
06:59:47.0354 5504 srvnet - ok
06:59:47.0885 5504 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
06:59:47.0885 5504 swenum - ok
06:59:48.0353 5504 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
06:59:48.0353 5504 Symc8xx - ok
06:59:48.0852 5504 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
06:59:48.0852 5504 Sym_hi - ok
06:59:49.0320 5504 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
06:59:49.0320 5504 Sym_u3 - ok
06:59:49.0850 5504 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
06:59:49.0866 5504 Tcpip - ok
06:59:50.0381 5504 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
06:59:50.0396 5504 Tcpip6 - ok
06:59:50.0864 5504 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
06:59:50.0864 5504 tcpipreg - ok
06:59:51.0332 5504 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
06:59:51.0332 5504 TDPIPE - ok
06:59:51.0832 5504 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
06:59:51.0832 5504 TDTCP - ok
06:59:52.0300 5504 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
06:59:52.0315 5504 tdx - ok
06:59:52.0799 5504 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
06:59:52.0799 5504 TermDD - ok
06:59:53.0360 5504 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:59:53.0360 5504 tssecsrv - ok
06:59:53.0860 5504 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
06:59:53.0860 5504 tunmp - ok
06:59:54.0359 5504 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
06:59:54.0359 5504 tunnel - ok
06:59:54.0842 5504 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
06:59:54.0842 5504 uagp35 - ok
06:59:55.0310 5504 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
06:59:55.0310 5504 UBHelper - ok
06:59:55.0794 5504 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
06:59:55.0794 5504 udfs - ok
06:59:56.0309 5504 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
06:59:56.0324 5504 uliagpkx - ok
06:59:56.0824 5504 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
06:59:56.0824 5504 uliahci - ok
06:59:57.0292 5504 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
06:59:57.0307 5504 UlSata - ok
06:59:57.0791 5504 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
06:59:57.0806 5504 ulsata2 - ok
06:59:58.0259 5504 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
06:59:58.0259 5504 umbus - ok
06:59:58.0774 5504 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
06:59:58.0774 5504 usbccgp - ok
06:59:59.0226 5504 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
06:59:59.0226 5504 usbcir - ok
06:59:59.0725 5504 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
06:59:59.0741 5504 usbehci - ok
07:00:00.0209 5504 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
07:00:00.0209 5504 usbhub - ok
07:00:00.0677 5504 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
07:00:00.0677 5504 usbohci - ok
07:00:01.0145 5504 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
07:00:01.0145 5504 usbprint - ok
07:00:01.0582 5504 USBSTOR - ok
07:00:02.0034 5504 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:00:02.0034 5504 usbuhci - ok
07:00:02.0533 5504 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
07:00:02.0533 5504 usbvideo - ok
07:00:03.0001 5504 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
07:00:03.0001 5504 vga - ok
07:00:03.0469 5504 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:00:03.0485 5504 VgaSave - ok
07:00:03.0953 5504 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
07:00:03.0953 5504 viaagp - ok
07:00:04.0421 5504 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
07:00:04.0421 5504 ViaC7 - ok
07:00:04.0920 5504 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
07:00:04.0920 5504 viaide - ok
07:00:05.0404 5504 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:00:05.0404 5504 volmgr - ok
07:00:05.0887 5504 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
07:00:05.0887 5504 volmgrx - ok
07:00:06.0371 5504 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
07:00:06.0371 5504 volsnap - ok
07:00:06.0854 5504 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
07:00:06.0854 5504 vsmraid - ok
07:00:07.0369 5504 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:00:07.0369 5504 WacomPen - ok
07:00:07.0853 5504 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:00:07.0868 5504 Wanarp - ok
07:00:07.0884 5504 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:00:07.0884 5504 Wanarpv6 - ok
07:00:08.0680 5504 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
07:00:08.0680 5504 Wd - ok
07:00:09.0163 5504 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:00:09.0179 5504 Wdf01000 - ok
07:00:09.0740 5504 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:00:09.0740 5504 WmiAcpi - ok
07:00:10.0286 5504 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:00:10.0286 5504 ws2ifsl - ok
07:00:10.0427 5504 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
07:00:10.0427 5504 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
07:00:10.0427 5504 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
07:00:10.0442 5504 Boot (0x1200) (a1e8746d2c20f6ea46968e5ef6792bcf) \Device\Harddisk0\DR0\Partition0
07:00:10.0442 5504 \Device\Harddisk0\DR0\Partition0 - ok
07:00:10.0442 5504 ============================================================
07:00:10.0442 5504 Scan finished
07:00:10.0442 5504 ============================================================
07:00:10.0458 5124 Detected object count: 1
07:00:10.0458 5124 Actual detected object count: 1
07:03:19.0344 5124 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
07:03:19.0344 5124 \Device\Harddisk0\DR0 - ok
07:03:19.0359 5124 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure


-------------------------------------------------------------------------------------

SUPERANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2011 at 07:40 AM

Application Version : 5.0.1128

Core Rules Database Version : 7773
Trace Rules Database Version: 5585

Scan type : Quick Scan
Total Scan Time : 00:03:27

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 805
Memory threats detected : 0
Registry items scanned : 29938
Registry threats detected : 0
File items scanned : 7118
File threats detected : 88

Adware.Tracking Cookie

------------------------------------------------------------------------------

Tell me somethin' good Doc!

#9 boopme


Posted 10 October 2011 - 10:40 AM

OK, looks good. You had a boot sector virus and it looks repaired, if you rebooted after the TDSS scan.

But let's check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#10 mattbenedetti


Posted 10 October 2011 - 12:27 PM

I double-clicked to get this started... not sure if that's pertinent... here's the log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD25 rev.11.0 -> Harddisk0\DR0 -> \Device\0000005f

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
error: Read Insufficient system resources exist to complete the requested service.

#11 boopme


Posted 10 October 2011 - 03:52 PM

Let's try one more.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



