Mal/TDSSConf-A keeps attacking my system


  • This topic is locked
13 replies to this topic

#1 DeathReanimated
  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:30 PM

Posted 17 October 2011 - 09:24 PM

So this is my first time posting here and I just have to start off with much amazement and appreciation that there even is a place like this offering help for people near panic (aka me) about their comp dilemmas.

The problem started yesterday. I was browsing some new sites looking for pics of celebrities on the internet that I'd never been to before and then I was suddenly hit with some massive pop-ups telling me I had hard disk errors and I needed to purchase software to fix it (sorry I don't remember exactly what the error boxes said). After some google-fu I figured out it was a System Restore Virus though. So to fix that I used rkill and then downloaded the free version of Malwarebytes. I ran a scan and deleted the malicious files and thought I was done, but after I rebooted my comp I couldn't find all the files the System Restore Virus had hidden. So then I used system restore to restore the settings on my comp back to a previous functioning point. After that finished I was able to view a few more files but it was only after I used unhide.exe that I got everything back (yay for small victories).

So at that point everything seemed fine, but I decided to run another scan with Webroot (Antivirus with Spy Sweeper) just to make sure nothing bad came up, but something did!

It reported the following 'Troj/TdlMbr-C' in '\\.\physicaldrive0' and removed the problem, but right at that point Webroot Security notification windows started popping up saying that a threat was being auto-quarantined. That threat was Mal/TDSSConf-A and no matter how many times I deleted it, it always comes back.

I tried to google Mal/TDSSConf-A and got a lot of mixed results on how to deal with it. The only thing I've tried so far was downloading TDSSkiller but it didn't detect anything and I'm not completely sure if I did it right.

At this point I have no idea what to do.

Does anyone have any advice?

#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,912 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 17 October 2011 - 09:34 PM

Hello, we'll hit it again.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
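The MiniToolBox checks requested above (proxy settings, hosts content, IP configuration, Winsock entries, event log errors) can be read mechanically from the Result.txt the tool writes. The script below is an added example, not part of this thread and not code from Farbar's MiniToolBox: it splits a Result.txt into its named sections and flags what a responder looks at first on a suspected TDSS infection: an enabled proxy, hosts-file redirects, DNS servers that are not on the local LAN, Winsock providers with no vendor or loaded from a user-writable folder, and processes that fault repeatedly (the log posted later in this thread shows the Dnscache svchost crashing over and over on the same afternoon). It assumes the section layout visible in this thread (a section name flanked by runs of "=", Winsock lines of the form `Catalog5 01 <path> [<size>] (<vendor>)`, ipconfig-style `DNS Servers` lines, and `Faulting application name:` lines in the event log dump). The sample text embedded in the script is constructed for the example; the `lsp.dll` under a Temp folder, the `update.example-av.test` hosts entry and the `203.0.113.53` DNS server are hypothetical, and the function names are mine.

```python
"""Triage a MiniToolBox Result.txt offline: split it into its named sections
and flag the things a responder checks first after a TDSS-style infection."""
import ipaddress
import re
from collections import Counter

# Constructed sample in the tool's layout (not the log posted in the thread).
# The Temp-path provider, the hosts entry and 203.0.113.53 are hypothetical.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
10.0.0.5 update.example-av.test   # redirects an updater to a LAN host

========================= IP Configuration: ================================

Wireless LAN adapter Wireless Network Connection:

DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

DNS Servers . . . . . . . . . . . : 203.0.113.53

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\SysWOW64\\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 10 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\SysWOW64\\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog9 03 C:\\Users\\owner\\AppData\\Local\\Temp\\lsp.dll [12288] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2011 01:02:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9

Error: (10/17/2011 00:59:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9

Error: (10/17/2011 09:43:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d

========================= Memory info: ===================================
"""

# A header is a name flanked by runs of '='. A bare "=====" rule (as printed
# under "Application errors:") has no name and must not start a section.
SECTION_RE = re.compile(r"^=+\s+([^=].*?):?\s+=+\s*$")
HOSTS_RE = re.compile(r"^([0-9A-Fa-f.:]+)\s+(\S+)")
DNS_RE = re.compile(r"^DNS Servers[ .]*:\s*(\S+)")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
CRASH_RE = re.compile(r"Faulting application name:\s*([^,]+),")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Address space a home LAN's resolver (the router) is expected to live in.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fe80::/10", "fc00::/7", "::1/128")]


def split_sections(text):
    """Map each section name to the list of lines under its header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def proxy_enabled(lines):
    # Assumption: the tool prints "Proxy is not enabled." in the clean case.
    return not any("Proxy is not enabled" in line for line in lines)


def hosts_redirects(lines):
    """(address, name) pairs other than the loopback/localhost defaults."""
    hits = []
    for line in lines:
        m = HOSTS_RE.match(line.split("#", 1)[0].strip())
        if m and (m.group(1), m.group(2).lower()) not in DEFAULT_HOSTS:
            hits.append((m.group(1), m.group(2)))
    return hits


def dns_servers_off_lan(lines):
    """DNS servers outside LAN_NETS: a hijack signal when the router should serve DNS."""
    found = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1).split("%")[0])  # drop IPv6 scope id
        except ValueError:
            continue
        if not any(addr in net for net in LAN_NETS):
            found.append(str(addr))
    return found


def foreign_winsock_providers(lines):
    """(path, vendor) for every provider not attributed to Microsoft."""
    return [(m.group(1), m.group(2)) for m in map(WINSOCK_RE.match, lines)
            if m and not m.group(2).startswith("Microsoft")]


def risky_winsock_providers(lines):
    """Foreign providers with no vendor string or loaded from a user-writable
    folder; a named vendor in Program Files (e.g. Bonjour) is not flagged."""
    return [(p, v) for p, v in foreign_winsock_providers(lines)
            if not v or re.search(r"\\(temp|appdata)\\", p, re.I)]


def crash_counts(lines):
    """How often each process appears as the faulting application."""
    counts = Counter()
    for line in lines:
        m = CRASH_RE.search(line)
        if m:
            counts[m.group(1).strip()] += 1
    return counts


def triage(text):
    s = split_sections(text)
    return {
        "proxy_enabled": proxy_enabled(s.get("IE Proxy Settings", [])),
        "hosts_redirects": hosts_redirects(s.get("Hosts content", [])),
        "dns_off_lan": dns_servers_off_lan(s.get("IP Configuration", [])),
        "risky_winsock": risky_winsock_providers(s.get("Winsock entries", [])),
        "repeat_crashers": {p: n for p, n in
                            crash_counts(s.get("Event log errors", [])).items() if n >= 2},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_RESULT).items():
        print(f"{key}: {value}")
```

To use it on a real log, pass the contents of Result.txt to `triage()` instead of the embedded sample. Two caveats: a third-party Winsock namespace provider such as Apple's Bonjour is normal on a machine with iTunes installed, which is why only vendor-less or user-folder providers are reported; and the DNS check assumes a home LAN where the router hands out itself as resolver, so on a managed network compare against the resolvers you expect instead of `LAN_NETS`. A repeated Dnscache fault is a signal to investigate, not proof of infection on its own.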

#3 DeathReanimated
  • Topic Starter
  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:30 PM

Posted 17 October 2011 - 10:31 PM

Okay, I followed your instructions and I'm not sure if there is a way for me to attach the .txt files to this post, so I'll just post them in quotation boxes instead to give some order to the chaos...

MiniToolBox by Farbar
Ran by owner (administrator) on 17-10-2011 at 21:51:41
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?,$ subinterface=ethernet_9 mtu=1477
set subinterface interface=?,$ subinterface=ethernet_12 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : C4-46-19-B4-B8-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-04-63-AE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-35-64-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::68d1:955e:a96a:9caa%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 17, 2011 9:35:08 PM
Lease Expires . . . . . . . . . . : Friday, November 24, 2147 4:20:02 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 352330517
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0D-FA-39-54-42-49-71-DF-7B
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 54-42-49-71-DF-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FA8B80E0-2B2D-46E2-A35D-E4169B239D26}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C2BADE8D-2584-48AB-ABC5-13CFA32D555E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c25:d19:b740:cc40(Preferred)
Link-local IPv6 Address . . . . . : fe80::c25:d19:b740:cc40%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.73.105
74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103
74.125.73.104


Pinging google.com [74.125.73.147] with 32 bytes of data:
Reply from 74.125.73.147: bytes=32 time=28ms TTL=50
Reply from 74.125.73.147: bytes=32 time=25ms TTL=50

Ping statistics for 74.125.73.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 28ms, Average = 26ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=63ms TTL=51
Reply from 98.137.149.56: bytes=32 time=126ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 126ms, Average = 94ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...c4 46 19 b4 b8 70 ......Bluetooth Device (Personal Area Network)
12...64 d4 da 04 63 ae ......Intel® Centrino® WiMAX 6250
11...00 23 15 35 64 d4 ......Intel® Centrino® Advanced-N 6250 AGN
10...54 42 49 71 df 7b ......Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    281
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:4137:9e76:c25:d19:b740:cc40/128
                                    On-link
 11    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::c25:d19:b740:cc40/128
                                    On-link
 11    281 fe80::68d1:955e:a96a:9caa/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2011 09:44:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000002893114
Faulting process id: 0x810
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/17/2011 09:43:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16437, time stamp: 0x4e5eeecc
Exception code: 0xc0000005
Fault offset: 0x0000e487
Faulting process id: 0x1758
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/17/2011 04:38:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000002e33114
Faulting process id: 0x5d8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/17/2011 01:02:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0x10b4
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (10/17/2011 00:59:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0x1c7c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (10/17/2011 00:56:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0x180c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (10/17/2011 00:54:22 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (10/17/2011 00:53:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0xe5c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (10/17/2011 00:50:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0x1e4c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (10/17/2011 00:46:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000008ac12
Faulting process id: 0x478
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3


System errors:
=============
Error: (10/17/2011 09:43:45 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (10/17/2011 09:33:58 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (10/17/2011 04:38:24 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (10/17/2011 04:38:24 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (10/17/2011 04:38:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service hung on starting.

Error: (10/17/2011 04:36:07 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Care Performance Service service hung on starting.

Error: (10/17/2011 03:45:29 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (10/17/2011 03:45:29 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (10/17/2011 03:41:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VcmIAlzMgr service.

Error: (10/17/2011 03:39:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/17/2011 09:44:25 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000289311481001cc8d3e8bfcc2cdC:\Windows\Explorer.EXEunknown17222bf0-f933-11e0-ba38-c44619b4b870

Error: (10/17/2011 09:43:05 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164374e5eeeccc00000050000e487175801cc8d3ea8e345c2C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dlle745bb38-f932-11e0-ba38-c44619b4b870

Error: (10/17/2011 04:38:24 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000002e331145d801cc8d13c22f9b55C:\Windows\Explorer.EXEunknown56d0876e-f908-11e0-853b-c44619b4b870

Error: (10/17/2011 01:02:06 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac1210b401cc8cf678952b5bC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1f3cb9d4-f8ea-11e0-81d3-c44619b4b870

Error: (10/17/2011 00:59:08 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac121c7c01cc8cf60e7d1665C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb526727b-f8e9-11e0-81d3-c44619b4b870

Error: (10/17/2011 00:56:06 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac12180c01cc8cf5a20267ccC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll48a83a7e-f8e9-11e0-81d3-c44619b4b870

Error: (10/17/2011 00:54:22 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (10/17/2011 00:53:04 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac12e5c01cc8cf532a91b39C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlldc2d8be5-f8e8-11e0-81d3-c44619b4b870

Error: (10/17/2011 00:50:01 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac121e4c01cc8cf4c6b03fe4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll6f842d02-f8e8-11e0-81d3-c44619b4b870

Error: (10/17/2011 00:46:52 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.175144ce7c8f9c0000005000000000008ac1247801cc8cf4496ad3a9C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllfe8d0eb9-f8e7-11e0-81d3-c44619b4b870


=========================== Installed Programs ============================

(Version: 1.0.0.05280)
(Version: 1.1.0.02250)
(Version: 2.2.0.05310)
(Version: 3.0.0.05310)
(Version: 4.3.0.05310)
(Version: 5.2.0.06210)
(Version: 5.3.0.05310)
(Version: 5.3.0.07231)
µTorrent (Version: 2.2.0)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 9.4.4 (Version: 9.4.4)
AIM 7
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
Audacity 1.2.6
Belkin Setup and Router Monitor
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
CDisplay 1.8
Corel WinDVD (Version: 10.0.5.804)
D3DX10 (Version: 15.4.2368.0902)
Download Updater (AOL LLC)
Free YouTube Download version 3.0.13.815
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Turbo Boost Technology Driver (Version: 01.01.01.1007)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
LAME v3.98.3 for Audacity
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Media Gallery (Version: 1.3.0)
Media Gallery (Version: 1.3.0.06230)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox (3.6.16) (Version: 3.6.16 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA Control Panel 266.72 (Version: 266.72)
NVIDIA Graphics Driver 266.72 (Version: 266.72)
NVIDIA HD Audio Driver 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
Oasis2Service 1.0 (Version: 1.0.0)
OOBE (Version: 3.10.0630)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
Remote Keyboard (Version: 1.1.1.07060)
Remote Play with PlayStation 3 (Version: 1.1.0.15070)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.1)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VAIO - Media Gallery (Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (Version: 1.3.00.06040)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00.06180)
VAIO - Remote Keyboard (Version: 1.1.0.07060)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.15070)
VAIO Care (Version: 6.4.1.05290)
VAIO Control Center (Version: 4.3.0.05310)
VAIO Data Restore Tool (Version: 1.4.0.05240)
VAIO DVD Menu Data (Version: 2.2.00.05120)
VAIO Gate (Version: 2.4.0.06210)
VAIO Gate Default (Version: 2.2.0.07020)
VAIO Hardware Diagnostics (Version: 4.0.0.06230)
VAIO Help and Support (Version: 12.00.0622)
VAIO Manual (Version: 1.1.0.05280)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (Version: 2.1.0.18210)
VAIO Media plus Opening Movie (Version: 2.1.0.14080)
VAIO Messenger (Version: 2.0.291.0)
VAIO Movie Story Template Data (Version: 2.3.00.06040)
VAIO Sample Contents (Version: 1.2.0.16080)
VAIO Smart Network (Version: 3.3.0.06080)
VAIO Survey (Version: 6.00.1028)
VAIO Transfer Support (Version: 1.2.0.06230)
VAIO Update (Version: 5.5.1.09220)
VAIO Update Merge Module x64 (Version: 5.5.19220)
VAIO Wireless Wizard (Version: 3.0.0.06230)
Webroot Software (Version: 7.0.4.102)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 6124.93 MB
Available physical RAM: 3217.89 MB
Total Pagefile: 12248.05 MB
Available Pagefile: 9109.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:586.03 GB) (Free:219.85 GB) NTFS
2 Drive d: () (Removable) (Total:0.95 GB) (Free:0.1 GB) FAT

========================= Users: ========================================

User accounts for \\OWNER-VAIO

Administrator Guest owner

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Next I used TDSSKiller but it didn't find anything...

21:56:24.0587 3416 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
21:56:25.0154 3416 ============================================================
21:56:25.0154 3416 Current date / time: 2011/10/17 21:56:25.0154
21:56:25.0155 3416 SystemInfo:
21:56:25.0155 3416
21:56:25.0155 3416 OS Version: 6.1.7601 ServicePack: 1.0
21:56:25.0155 3416 Product type: Workstation
21:56:25.0155 3416 ComputerName: OWNER-VAIO
21:56:25.0155 3416 UserName: owner
21:56:25.0155 3416 Windows directory: C:\Windows
21:56:25.0155 3416 System windows directory: C:\Windows
21:56:25.0155 3416 Running under WOW64
21:56:25.0155 3416 Processor architecture: Intel x64
21:56:25.0155 3416 Number of processors: 8
21:56:25.0155 3416 Page size: 0x1000
21:56:25.0155 3416 Boot type: Normal boot
21:56:25.0155 3416 ============================================================
21:56:25.0614 3416 Initialize success
21:56:51.0604 0480 ============================================================
21:56:51.0604 0480 Scan started
21:56:51.0604 0480 Mode: Manual;
21:56:51.0604 0480 ============================================================
21:57:23.0277 0480 uliagpkx - ok
21:57:23.0329 0480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:57:23.0331 0480 umbus - ok
21:57:23.0378 0480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:57:23.0380 0480 UmPass - ok
21:57:23.0427 0480 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:57:23.0444 0480 USBAAPL64 - ok
21:57:23.0481 0480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:57:23.0484 0480 usbccgp - ok
21:57:23.0519 0480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:57:23.0539 0480 usbcir - ok
21:57:23.0607 0480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:57:23.0609 0480 usbehci - ok
21:57:23.0678 0480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:57:23.0685 0480 usbhub - ok
21:57:23.0758 0480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:57:23.0759 0480 usbohci - ok
21:57:23.0786 0480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:57:23.0789 0480 usbprint - ok
21:57:23.0847 0480 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:57:23.0849 0480 usbscan - ok
21:57:23.0901 0480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:57:23.0904 0480 USBSTOR - ok
21:57:23.0974 0480 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:57:23.0995 0480 usbuhci - ok
21:57:24.0027 0480 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:57:24.0031 0480 usbvideo - ok
21:57:24.0113 0480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:57:24.0114 0480 vdrvroot - ok
21:57:24.0151 0480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:57:24.0153 0480 vga - ok
21:57:24.0175 0480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:57:24.0177 0480 VgaSave - ok
21:57:24.0212 0480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:57:24.0217 0480 vhdmp - ok
21:57:24.0241 0480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:57:24.0258 0480 viaide - ok
21:57:24.0293 0480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:57:24.0295 0480 volmgr - ok
21:57:24.0388 0480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:57:24.0402 0480 volmgrx - ok
21:57:24.0429 0480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:57:24.0435 0480 volsnap - ok
21:57:24.0493 0480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:57:24.0497 0480 vsmraid - ok
21:57:24.0625 0480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:57:24.0627 0480 vwifibus - ok
21:57:24.0677 0480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:57:24.0696 0480 vwififlt - ok
21:57:24.0749 0480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:57:24.0751 0480 WacomPen - ok
21:57:24.0780 0480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:57:24.0782 0480 WANARP - ok
21:57:24.0788 0480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:57:24.0791 0480 Wanarpv6 - ok
21:57:24.0859 0480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:57:24.0862 0480 Wd - ok
21:57:24.0920 0480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:57:24.0931 0480 Wdf01000 - ok
21:57:24.0986 0480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:57:24.0988 0480 WfpLwf - ok
21:57:25.0018 0480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:57:25.0020 0480 WIMMount - ok
21:57:25.0110 0480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:57:25.0111 0480 WmiAcpi - ok
21:57:25.0177 0480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:57:25.0190 0480 ws2ifsl - ok
21:57:25.0251 0480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:57:25.0254 0480 WudfPf - ok
21:57:25.0274 0480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:57:25.0278 0480 WUDFRd - ok
21:57:25.0355 0480 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
21:57:25.0361 0480 yukonw7 - ok
21:57:25.0398 0480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:57:25.0420 0480 \Device\Harddisk0\DR0 - ok
21:57:25.0429 0480 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:57:25.0501 0480 \Device\Harddisk1\DR1 - ok
21:57:25.0508 0480 Boot (0x1200) (3219a0267e3b4c84a32621fcee4af897) \Device\Harddisk0\DR0\Partition0
21:57:25.0509 0480 \Device\Harddisk0\DR0\Partition0 - ok
21:57:25.0530 0480 Boot (0x1200) (81d42fc928afd12c3d83e0d07d25cc82) \Device\Harddisk0\DR0\Partition1
21:57:25.0532 0480 \Device\Harddisk0\DR0\Partition1 - ok
21:57:25.0538 0480 Boot (0x1200) (717e4a694c2bd8fc4c4e7463b0d396cc) \Device\Harddisk1\DR1\Partition0
21:57:25.0539 0480 \Device\Harddisk1\DR1\Partition0 - ok
21:57:25.0541 0480 ============================================================
21:57:25.0541 0480 Scan finished
21:57:25.0542 0480 ============================================================
21:57:25.0561 8908 Detected object count: 0
21:57:25.0561 8908 Actual detected object count: 0


And I ran a quick scan through MBAM but it didn't detect anything, so there was no reboot.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7970

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/17/2011 10:04:49 PM
mbam-log-2011-10-17 (22-04-49).txt

Scan type: Quick scan
Objects scanned: 179898
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Currently my computer can get online (though my internet settings are different) and I can open files and programs, but my Webroot is still sending me auto-quarantine notifications for Mal/TDSSConf-A in places like 'c:\users\owner\appdata\local\temp\tmp84a.tmp' (the only thing that changes in the file locations is the '\tmp###' part), and I get even more notifications when I have Webroot open than at any other time...
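The scan log above is only meaningful if every verdict line is read, not just the trailer. As an added example (not part of this thread and not code from the scanner's authors), the Python parser below pairs each object line in that log layout with its verdict, lists anything not marked ok, pulls out the MBR/boot entries, and cross-checks the "Detected object count" trailer; the sample input reuses two lines from the thread's log plus one constructed "infected" entry with placeholder hash and malware name.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Object line: "<hh:mm:ss.ffff> <pid> <name> (<md5>) <path>"
OBJ_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?)\s+"
                    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# Verdict line for the preceding object: "<ts> <pid> <name-or-device> - <status>"
STATUS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<status>\S.*)$")
# Trailer: "... Detected object count: N" / "... Actual detected object count: N"
COUNT_RE = re.compile(r"^\S+\s+\d+\s+(?P<label>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str
    path: str
    status: Optional[str] = None  # None means no verdict line followed the object


@dataclass
class ScanSummary:
    objects: List[ScanObject] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)

    def not_ok(self) -> List[ScanObject]:
        """Everything the scanner did not explicitly pass as 'ok'."""
        return [o for o in self.objects if o.status != "ok"]

    def boot_records(self) -> List[ScanObject]:
        """MBR and boot-sector entries, the part of the log a bootkit hunt cares about."""
        return [o for o in self.objects if o.name.startswith(("MBR", "Boot"))]

    def count_matches(self) -> bool:
        """Cross-check the scanner's own trailer against what was actually parsed."""
        declared = self.counts.get("Detected object count")
        return declared is None or declared == len(self.not_ok())


def parse_tdsskiller(text: str) -> ScanSummary:
    summary = ScanSummary()
    pending: Optional[ScanObject] = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := COUNT_RE.match(line):
            summary.counts[m.group("label")] = int(m.group("n"))
        elif m := OBJ_RE.match(line):
            pending = ScanObject(m.group("name"), m.group("md5").lower(), m.group("path"))
            summary.objects.append(pending)
        elif m := STATUS_RE.match(line):
            # A detection verdict may carry the malware name in "( ... )" after the subject.
            key = m.group("subject").split(" ( ")[0].strip()
            status = m.group("status").strip()
            if pending is not None and key in (pending.name, pending.path):
                pending.status = status
            else:  # verdict with no preceding object line (e.g. a service without a file)
                summary.objects.append(ScanObject(key, "", "", status))
            pending = None
    return summary


# Constructed sample in the scanner's layout: two entries copied from the thread's log and
# one constructed 'infected' verdict (placeholder hash and malware name) to exercise not_ok().
SAMPLE_LOG = """\
21:57:22.0476 0480 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\\Windows\\system32\\drivers\\tcpip.sys
21:57:22.0508 0480 Tcpip - ok
21:57:25.0398 0480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
21:57:25.0420 0480 \\Device\\Harddisk0\\DR0 - ok
21:57:25.0429 0480 MBR (0x1B8) (00000000000000000000000000000000) \\Device\\Harddisk1\\DR1
21:57:25.0501 0480 \\Device\\Harddisk1\\DR1 ( Rootkit.Boot.Placeholder ) - infected
21:57:25.0561 8908 Detected object count: 1
21:57:25.0561 8908 Actual detected object count: 1
"""
```

Running `parse_tdsskiller(SAMPLE_LOG).not_ok()` returns only the constructed DR1 entry; on the thread's real log it returns an empty list, which is what the "Detected object count: 0" trailer claims.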

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 18 October 2011 - 02:55 PM

I still suspect a PRAGMA rootkit

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 19 October 2011 - 02:57 PM

Alright, here are the results from Gmer...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-19 14:49:15
Windows 6.1.7601 Service Pack 1
Running: 012cvt8h.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b4b870
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd1008a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbef8b75
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b4b870 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd1008a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbef8b75 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 19 October 2011 - 08:49 PM

OK, let's update the exploitable Java and Adobe Reader and then do an online scan.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly Update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 20 October 2011 - 02:31 AM

Updated Java and Adobe. The following were my results from the online scan.

C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\24432f51-691d8a44 a variant of Java/TrojanDownloader.OpenConnection.MU trojan deleted - quarantined
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2930f476-4938d7e5 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 20 October 2011 - 12:06 PM

To check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#9 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 20 October 2011 - 02:32 PM

Question: I have Windows 7, and while I am the administrator of the laptop, when I tried to save mbr.exe into the root folder it told me the following:

You don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the owner folder instead?

Is there a way to get around that or is it okay to save it to the owner folder instead?

#10 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 20 October 2011 - 02:47 PM

I managed to figure it out :D

Here are the results:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 20 October 2011 - 03:23 PM

OK, it probably needed a right click. You still have an infected MBR and will need specific guidance to remove it.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic and your MBR log.

Let me know if that went well.

#12 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 20 October 2011 - 06:56 PM

I did as you suggested and posted a new topic in 'Virus, Trojan, Spyware, and Malware Removal Logs' which can be found here.

I also wanted to thank you so much for the help you've been giving me.

I hope I can get my laptop back in good health sometime soon :]

#13 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 20 October 2011 - 07:00 PM

Oh, and on a side note, do I re-enable my CD emulation software now that I've completed those steps?

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,848 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:30 PM

Posted 21 October 2011 - 01:03 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic424386.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



