Browser redirects and virus seems to regenerate itself


  • This topic is locked
9 replies to this topic

#1 betteloop

betteloop

  • Members
  • 11 posts
  • Gender:Female
  • Location:Phx. AZ

Posted 05 December 2011 - 03:05 AM

Hello,
New to the site, forgive me if I step off topic or out of bounds. I did read before my post, but I still am confused as to where to start. Guide me please as necessary.
Operating system is Vista, Internet 8 is the browser. Security Essentials, Malwarebytes Anti-Malware. The initial problem was the browser redirecting. After running Malwarebytes and removing indicated files and/or deleting said files, the computer is still slow and files seem to recreate themselves, and once again the redirecting continues, all settings change, and some files say they cannot be deleted or are in use by other programs.
It also prevents some virus or security programs from downloading or starting. Please advise how I should proceed. Please and thank you.


Betteloop


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 December 2011 - 05:14 PM

Hello and welcome. Please do these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 betteloop

betteloop
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Female
  • Location:Phx. AZ

Posted 06 December 2011 - 08:57 PM

Thanks for the response. Here it is:

MiniToolBox by Farbar
Ran by Glenn (administrator) on 06-12-2011 at 16:02:01
Windows Vista ™ Ultimate Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
217.23.4.166 www.google-analytics.com.
217.23.4.166 ad-emea.doubleclick.net.
217.23.4.166 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros L2 Fast Ethernet 10/100Base-T Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=$ subinterface=ethernet_8 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Glenn-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tc.ph.cox.net

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-19-86-00-01-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : tc.ph.cox.net
Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100Base-T Controller
Physical Address. . . . . . . . . : 00-1F-C6-C0-66-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c0be:841:1dd7:c616%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, December 06, 2011 10:58:32 AM
Lease Expires . . . . . . . . . . : Tuesday, December 06, 2011 4:58:38 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167780294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-6F-DF-02-00-1F-C6-C0-66-12
DNS Servers . . . . . . . . . . . : 68.105.28.12
68.105.29.12
68.105.28.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.tc.ph.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{08DCE5D9-068F-4573-91A4-0813EBF113CF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 173.194.64.106
173.194.64.147
173.194.64.99
173.194.64.103
173.194.64.104
173.194.64.105



Pinging google.com [173.194.64.103] with 32 bytes of data:

Reply from 173.194.64.103: bytes=32 time=66ms TTL=50

Reply from 173.194.64.103: bytes=32 time=66ms TTL=50



Ping statistics for 173.194.64.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 66ms, Maximum = 66ms, Average = 66ms

Server: cdns2.cox.net
Address: 68.105.28.12

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=46ms TTL=57

Reply from 209.191.122.70: bytes=32 time=46ms TTL=57



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 46ms, Average = 46ms

Server: cdns2.cox.net
Address: 68.105.28.12

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 19 86 00 01 81 ...... Bluetooth Device (Personal Area Network)
8 ...00 1f c6 c0 66 12 ...... Atheros L2 Fast Ethernet 10/100Base-T Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.tc.ph.cox.net
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{08DCE5D9-068F-4573-91A4-0813EBF113CF}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.13 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.13 276
192.168.0.13 255.255.255.255 On-link 192.168.0.13 276
192.168.0.255 255.255.255.255 On-link 192.168.0.13 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.13 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.13 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 276 fe80::/64 On-link
8 276 fe80::c0be:841:1dd7:c616/128 On-link
1 306 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/06/2011 11:06:34 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19154, time stamp 0x4e8634f0, faulting module mshtml.dll, version 8.0.6001.19154, time stamp 0x4e864aec, exception code 0xc0000005, fault offset 0x0029cbfb,
process id 0xdb4, application start time 0xiexplore.exe0.

Error: (12/05/2011 01:23:09 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/04/2011 03:38:54 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.6001.19154 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1f90
Start Time: 01ccb2d3248d6e90
Termination Time: 0

Error: (12/02/2011 09:09:42 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. 0xc0041801 (0xc0041801)

Error: (12/02/2011 02:15:18 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19154, time stamp 0x4e8634f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0244d426,
process id 0xd4c, application start time 0xiexplore.exe0.

Error: (12/02/2011 08:50:25 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/02/2011 08:49:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error on creating/using the COM+ Writers publisher interface: BackupShutdown [0x8000ffff].

Error: (12/02/2011 08:49:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IMultiInterfaceEventControl::GetSubscriptions. hr = 0x80010108.

Error: (12/02/2011 08:32:25 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/02/2011 08:18:51 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80070006


System errors:
=============
Error: (12/06/2011 11:10:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x8007042c

Error description: The dependency service or group failed to start.

Reason: %%892

Error: (12/06/2011 11:10:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%858

Error: (12/05/2011 11:13:00 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/05/2011 10:34:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x8007042c

Error description: The dependency service or group failed to start.

Reason: %%892

Error: (12/05/2011 10:34:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%858

Error: (12/05/2011 01:25:39 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (12/05/2011 01:24:25 AM) (Source: Service Control Manager) (User: )
Description: msisadrv

Error: (12/05/2011 01:24:25 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (12/05/2011 01:24:25 AM) (Source: Service Control Manager) (User: )
Description: PEAUTH%%2

Error: (12/05/2011 01:24:25 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE


Microsoft Office Sessions:
=========================
Error: (12/06/2011 11:06:34 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.191544e8634f0mshtml.dll8.0.6001.191544e864aecc00000050029cbfbdb401ccb440b7b3c3e0

Error: (12/05/2011 01:23:09 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/04/2011 03:38:54 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.191541f9001ccb2d3248d6e900

Error: (12/02/2011 09:09:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. 0xc0041801 (0xc0041801)

Error: (12/02/2011 02:15:18 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.191544e8634f0unknown0.0.0.000000000c00000050244d426d4c01ccb137746d2790

Error: (12/02/2011 08:50:25 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/02/2011 08:49:00 AM) (Source: VSS)(User: )
Description: BackupShutdown0x8000ffff

Error: (12/02/2011 08:49:00 AM) (Source: VSS)(User: )
Description: IMultiInterfaceEventControl::GetSubscriptions0x80010108

Error: (12/02/2011 08:32:25 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80070006

Error: (12/02/2011 08:18:51 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80070006


=========================== Installed Programs ============================

2008 National Construction Estimator Download (Version: 1.00.0000)
2008 National Electrical Estimator Download (Version: 1.00.0000)
2008 National Home Improvement Estimator Download (Version: 1.00.0000)
2008 National Renovation and Insurance Repair Estimator Download (Version: 1.00.0000)
2008 National Repair and Remodeling Estimator Download (Version: 1.00.0000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
5 Spots II
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Architectural Home Designer 9 (Version: 9.4.1.6)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
Atheros Communications Inc.® L2 Fast Ethernet Driver (Version: 2.6.7.10)
Bejeweled 2 Deluxe
Browser Hijack Recover(BHR) 3.0
BufferChm (Version: 140.0.212.000)
Carbonite (Version: 4.0.4 build 806 (Mar-03-2011))
CCleaner (Version: 3.13)
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Copy (Version: 140.0.212.000)
Core Temp version 0.99.7 (Version: 0.99.7)
Defraggler (Version: 2.05)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000)
F2400 (Version: 140.0.690.000)
Feeding Frenzy 2
File Uploader (Version: 1.2.3)
GIMP 2.6.10 (Version: 2.6.10)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 140.0.211.000)
GUN ™ (Version: 1.00.0000)
Hamsterball
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ieSpell (Version: 2.6.4 (build 573))
Image Plugin (Version: 3.04.0226)
iMesh (Version: 11.0.0.112196)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 140.0.212.000)
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.724)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Moto Helper Service (Version: 5.5)
MotoHelper 2.0.51 Driver 5.1.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0)
Motorola Phone Tools (Version: 5.0.5 1/18/2008)
Motorola Phone Tools (Version: 5.00)
Mototools Software Update (Version: 3.4.8)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.2)
NVIDIA 3D Vision Controller Driver (Version: 270.61)
NVIDIA 3D Vision Controller Driver 270.61 (Version: 270.61)
NVIDIA 3D Vision Driver 270.61 (Version: 270.61)
NVIDIA Control Panel 270.61 (Version: 270.61)
NVIDIA Graphics Driver 270.61 (Version: 270.61)
NVIDIA Install Application (Version: 2.270.54.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7061)
NVIDIA Update 1.1.34 (Version: 1.1.34)
NVIDIA Update Components (Version: 1.1.34)
PhotoScape
Picasa 3 (Version: 3.8)
Picture Control Utility (Version: 1.1.9)
Platypus II
PowerDesk 8 (Version: 8.4.0.0)
PowerDesk 8 Patch (Version: 8.4.0.0)
Print Designer GOLD 8.5.1.0
QuickBooks Pro 2006 (Version: )
QuickTime (Version: 7.3.1.70)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
Super Tap a Jam
swMSM (Version: 12.0.0.1)
System Requirements Lab
Tennis Titans
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
ViewNX (Version: 1.5.1)
WebReg (Version: 140.0.212.017)
WIDCOMM Bluetooth Software (Version: 6.3.0.8200)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Sound Schemes
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2046.51 MB
Available physical RAM: 1106.05 MB
Total Pagefile: 4332.3 MB
Available Pagefile: 3193.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:157.41 GB) (Free:114.33 GB) NTFS
2 Drive d: () (Fixed) (Total:122.07 GB) (Free:100.57 GB) NTFS
4 Drive f: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:68.52 GB) NTFS

========================= Users: ========================================

User accounts for \\GLENN-PC

Administrator ASPNET Glenn
Guest UpdatusUser

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini120511-01.dmp

**** End of log ****

And here is the result of the second scan:

18:42:06.0404 3592 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:42:06.0622 3592 ============================================================
18:42:06.0622 3592 Current date / time: 2011/12/06 18:42:06.0622
18:42:06.0622 3592 SystemInfo:
18:42:06.0622 3592
18:42:06.0622 3592 OS Version: 6.0.6002 ServicePack: 2.0
18:42:06.0622 3592 Product type: Workstation
18:42:06.0622 3592 ComputerName: GLENN-PC
18:42:06.0622 3592 UserName: Glenn
18:42:06.0622 3592 Windows directory: C:\Windows
18:42:06.0622 3592 System windows directory: C:\Windows
18:42:06.0622 3592 Processor architecture: Intel x86
18:42:06.0622 3592 Number of processors: 2
18:42:06.0622 3592 Page size: 0x1000
18:42:06.0622 3592 Boot type: Normal boot
18:42:06.0622 3592 ============================================================
18:42:08.0307 3592 Initialize success
18:42:25.0233 5932 ============================================================
18:42:25.0233 5932 Scan started
18:42:25.0233 5932 Mode: Manual;
18:42:25.0233 5932 ============================================================
18:42:28.0665 5932 Dot4Print - ok
18:42:28.0759 5932 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:42:28.0806 5932 dot4usb - ok
18:42:28.0868 5932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:42:28.0868 5932 drmkaud - ok
18:42:28.0930 5932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:28.0962 5932 DXGKrnl - ok
18:42:29.0055 5932 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:42:29.0055 5932 E1G60 - ok
18:42:29.0118 5932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:42:29.0118 5932 Ecache - ok
18:42:29.0180 5932 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:42:29.0196 5932 elxstor - ok
18:42:29.0274 5932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:42:29.0305 5932 exfat - ok
18:42:29.0383 5932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:42:29.0383 5932 fastfat - ok
18:42:29.0414 5932 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:42:29.0430 5932 fdc - ok
18:42:29.0492 5932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:42:29.0492 5932 FileInfo - ok
18:42:29.0523 5932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:42:29.0539 5932 Filetrace - ok
18:42:29.0586 5932 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:29.0586 5932 flpydisk - ok
18:42:29.0617 5932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:42:29.0617 5932 FltMgr - ok
18:42:29.0679 5932 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:29.0679 5932 Fs_Rec - ok
18:42:29.0742 5932 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
18:42:29.0757 5932 fvevol - ok
18:42:29.0788 5932 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:42:29.0788 5932 gagp30kx - ok
18:42:29.0913 5932 HCW88TSE (d1b38599f3678f536eb61406f4f0da6d) C:\Windows\system32\drivers\hcw88tse.sys
18:42:29.0929 5932 HCW88TSE - ok
18:42:29.0976 5932 HCW88TUNE (36baa5ace16bb31e2b0bfaf551ac9786) C:\Windows\system32\drivers\hcw88tun.sys
18:42:29.0991 5932 HCW88TUNE - ok
18:42:30.0038 5932 hcw88vid (2688cd88b87e0f5996ed4330e42d344a) C:\Windows\system32\drivers\hcw88vid.sys
18:42:30.0054 5932 hcw88vid - ok
18:42:30.0116 5932 HCW88XBAR (462f10c8b88cddeb2fdaa47fa34793bb) C:\Windows\system32\drivers\HCW88BAR.sys
18:42:30.0147 5932 HCW88XBAR - ok
18:42:30.0210 5932 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
18:42:30.0225 5932 HdAudAddService - ok
18:42:30.0272 5932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:42:30.0319 5932 HDAudBus - ok
18:42:30.0366 5932 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
18:42:30.0366 5932 HidBth - ok
18:42:30.0412 5932 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
18:42:30.0412 5932 HidIr - ok
18:42:30.0475 5932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:30.0490 5932 HidUsb - ok
18:42:30.0537 5932 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:42:30.0537 5932 HpCISSs - ok
18:42:30.0662 5932 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:42:30.0678 5932 HTTP - ok
18:42:30.0787 5932 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:42:30.0787 5932 i2omp - ok
18:42:30.0834 5932 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:42:30.0834 5932 iaStorV - ok
18:42:30.0880 5932 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:42:30.0880 5932 iirsp - ok
18:42:30.0958 5932 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:42:30.0958 5932 intelide - ok
18:42:30.0990 5932 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:30.0990 5932 intelppm - ok
18:42:31.0036 5932 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:31.0052 5932 IpFilterDriver - ok
18:42:31.0068 5932 IpInIp - ok
18:42:31.0114 5932 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:42:31.0130 5932 IPMIDRV - ok
18:42:31.0161 5932 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:42:31.0177 5932 IPNAT - ok
18:42:31.0192 5932 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:42:31.0192 5932 IRENUM - ok
18:42:31.0239 5932 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:42:31.0239 5932 isapnp - ok
18:42:31.0317 5932 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:42:31.0333 5932 iScsiPrt - ok
18:42:31.0364 5932 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:42:31.0364 5932 iteatapi - ok
18:42:31.0411 5932 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:42:31.0411 5932 iteraid - ok
18:42:31.0442 5932 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:31.0458 5932 kbdclass - ok
18:42:31.0489 5932 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:31.0504 5932 kbdhid - ok
18:42:31.0567 5932 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:42:31.0598 5932 KSecDD - ok
18:42:31.0645 5932 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:31.0660 5932 lltdio - ok
18:42:31.0707 5932 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:42:31.0707 5932 LSI_FC - ok
18:42:31.0801 5932 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:42:31.0816 5932 LSI_SAS - ok
18:42:31.0848 5932 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:42:31.0848 5932 LSI_SCSI - ok
18:42:31.0879 5932 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:42:31.0879 5932 luafv - ok
18:42:31.0926 5932 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:42:31.0926 5932 megasas - ok
18:42:31.0972 5932 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:42:31.0972 5932 Modem - ok
18:42:32.0004 5932 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:42:32.0004 5932 monitor - ok
18:42:32.0066 5932 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys
18:42:32.0066 5932 motccgp - ok
18:42:32.0113 5932 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
18:42:32.0113 5932 motccgpfl - ok
18:42:32.0128 5932 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\Windows\system32\DRIVERS\motodrv.sys
18:42:32.0128 5932 MotDev - ok
18:42:32.0175 5932 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys
18:42:32.0175 5932 motmodem - ok
18:42:32.0238 5932 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:32.0238 5932 mouclass - ok
18:42:32.0269 5932 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:32.0284 5932 mouhid - ok
18:42:32.0378 5932 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:42:32.0378 5932 MountMgr - ok
18:42:32.0440 5932 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:42:32.0487 5932 MpFilter - ok
18:42:32.0550 5932 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:42:32.0550 5932 mpio - ok
18:42:32.0596 5932 MpKsl54922535 - ok
18:42:32.0628 5932 MpKsl70ad4de9 - ok
18:42:32.0674 5932 MpKsleac4bc6d (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAA62737-E408-4D39-9672-421D0A607FB1}\MpKsleac4bc6d.sys
18:42:32.0674 5932 MpKsleac4bc6d - ok
18:42:32.0752 5932 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:42:32.0752 5932 MpNWMon - ok
18:42:32.0830 5932 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:42:32.0846 5932 mpsdrv - ok
18:42:32.0877 5932 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:42:32.0893 5932 Mraid35x - ok
18:42:32.0940 5932 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:42:32.0940 5932 MRxDAV - ok
18:42:32.0971 5932 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:32.0971 5932 mrxsmb - ok
18:42:33.0033 5932 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:33.0064 5932 mrxsmb10 - ok
18:42:33.0080 5932 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:33.0080 5932 mrxsmb20 - ok
18:42:33.0111 5932 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:42:33.0111 5932 msahci - ok
18:42:33.0158 5932 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:42:33.0158 5932 msdsm - ok
18:42:33.0205 5932 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:42:33.0205 5932 Msfs - ok
18:42:33.0252 5932 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:42:33.0252 5932 msisadrv - ok
18:42:33.0298 5932 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:33.0298 5932 MSKSSRV - ok
18:42:33.0392 5932 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:33.0392 5932 MSPCLOCK - ok
18:42:33.0423 5932 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:42:33.0439 5932 MSPQM - ok
18:42:33.0486 5932 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:42:33.0486 5932 MsRPC - ok
18:42:33.0548 5932 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:42:33.0548 5932 mssmbios - ok
18:42:33.0579 5932 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:42:33.0579 5932 MSTEE - ok
18:42:33.0642 5932 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
18:42:33.0642 5932 MTsensor - ok
18:42:33.0704 5932 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:42:33.0704 5932 Mup - ok
18:42:33.0782 5932 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:33.0782 5932 NativeWifiP - ok
18:42:33.0829 5932 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:42:33.0844 5932 NDIS - ok
18:42:33.0938 5932 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:33.0938 5932 NdisTapi - ok
18:42:33.0985 5932 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:33.0985 5932 Ndisuio - ok
18:42:34.0032 5932 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:34.0032 5932 NdisWan - ok
18:42:34.0078 5932 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:42:34.0078 5932 NDProxy - ok
18:42:34.0110 5932 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:42:34.0110 5932 NetBIOS - ok
18:42:34.0156 5932 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:42:34.0188 5932 netbt - ok
18:42:34.0250 5932 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:42:34.0266 5932 nfrd960 - ok
18:42:34.0312 5932 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:42:34.0312 5932 NisDrv - ok
18:42:34.0390 5932 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:42:34.0406 5932 Npfs - ok
18:42:34.0453 5932 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:42:34.0468 5932 nsiproxy - ok
18:42:34.0546 5932 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:42:34.0578 5932 Ntfs - ok
18:42:34.0624 5932 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:42:34.0624 5932 ntrigdigi - ok
18:42:34.0671 5932 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:42:34.0671 5932 Null - ok
18:42:34.0999 5932 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:42:35.0248 5932 nvlddmkm - ok
18:42:35.0295 5932 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:42:35.0311 5932 nvraid - ok
18:42:35.0389 5932 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:42:35.0389 5932 nvstor - ok
18:42:35.0436 5932 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:42:35.0451 5932 nv_agp - ok
18:42:35.0498 5932 NwlnkFlt - ok
18:42:35.0529 5932 NwlnkFwd - ok
18:42:35.0607 5932 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:42:35.0607 5932 ohci1394 - ok
18:42:35.0670 5932 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
18:42:35.0670 5932 Parport - ok
18:42:35.0716 5932 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:42:35.0716 5932 partmgr - ok
18:42:35.0748 5932 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
18:42:35.0748 5932 Parvdm - ok
18:42:35.0826 5932 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:42:35.0826 5932 pci - ok
18:42:35.0888 5932 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:42:35.0888 5932 pciide - ok
18:42:35.0935 5932 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:42:35.0935 5932 pcmcia - ok
18:42:35.0997 5932 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:42:36.0044 5932 PEAUTH - ok
18:42:36.0138 5932 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:36.0138 5932 PptpMiniport - ok
18:42:36.0184 5932 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:42:36.0184 5932 Processor - ok
18:42:36.0231 5932 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:42:36.0247 5932 PSched - ok
18:42:36.0325 5932 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:42:36.0340 5932 ql2300 - ok
18:42:36.0418 5932 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:42:36.0434 5932 ql40xx - ok
18:42:36.0465 5932 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:42:36.0465 5932 QWAVEdrv - ok
18:42:36.0496 5932 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:36.0512 5932 RasAcd - ok
18:42:36.0543 5932 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:36.0543 5932 Rasl2tp - ok
18:42:36.0606 5932 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:36.0606 5932 RasPppoe - ok
18:42:36.0637 5932 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:36.0652 5932 RasSstp - ok
18:42:36.0730 5932 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:36.0746 5932 rdbss - ok
18:42:36.0777 5932 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:36.0793 5932 RDPCDD - ok
18:42:36.0871 5932 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
18:42:36.0886 5932 rdpdr - ok
18:42:36.0918 5932 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:42:36.0918 5932 RDPENCDD - ok
18:42:36.0964 5932 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:42:37.0011 5932 RDPWD - ok
18:42:37.0136 5932 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:42:37.0167 5932 RFCOMM - ok
18:42:37.0245 5932 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:37.0261 5932 rspndr - ok
18:42:37.0323 5932 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:42:37.0323 5932 sbp2port - ok
18:42:37.0370 5932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:42:37.0370 5932 secdrv - ok
18:42:37.0495 5932 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
18:42:37.0495 5932 Serenum - ok
18:42:37.0542 5932 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
18:42:37.0542 5932 Serial - ok
18:42:37.0588 5932 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:42:37.0588 5932 sermouse - ok
18:42:37.0635 5932 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:42:37.0635 5932 sffdisk - ok
18:42:37.0682 5932 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:42:37.0682 5932 sffp_mmc - ok
18:42:37.0713 5932 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:42:37.0713 5932 sffp_sd - ok
18:42:37.0760 5932 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:42:37.0760 5932 sfloppy - ok
18:42:37.0822 5932 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:42:37.0822 5932 sisagp - ok
18:42:37.0854 5932 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:42:37.0854 5932 SiSRaid2 - ok
18:42:37.0885 5932 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:42:37.0900 5932 SiSRaid4 - ok
18:42:37.0963 5932 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:42:37.0978 5932 Smb - ok
18:42:38.0056 5932 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:42:38.0056 5932 spldr - ok
18:42:38.0119 5932 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:42:38.0134 5932 srv - ok
18:42:38.0166 5932 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:42:38.0166 5932 srv2 - ok
18:42:38.0212 5932 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:42:38.0212 5932 srvnet - ok
18:42:38.0275 5932 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:42:38.0275 5932 swenum - ok
18:42:38.0306 5932 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:42:38.0322 5932 Symc8xx - ok
18:42:38.0368 5932 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:42:38.0368 5932 Sym_hi - ok
18:42:38.0446 5932 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:42:38.0446 5932 Sym_u3 - ok
18:42:38.0556 5932 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:42:38.0587 5932 Tcpip - ok
18:42:38.0634 5932 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:42:38.0634 5932 Tcpip6 - ok
18:42:38.0680 5932 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:42:38.0680 5932 tcpipreg - ok
18:42:38.0712 5932 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:42:38.0712 5932 TDPIPE - ok
18:42:38.0758 5932 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:42:38.0758 5932 TDTCP - ok
18:42:38.0836 5932 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:42:38.0868 5932 tdx - ok
18:42:38.0946 5932 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:42:38.0946 5932 TermDD - ok
18:42:38.0992 5932 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:38.0992 5932 tssecsrv - ok
18:42:39.0055 5932 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:42:39.0055 5932 tunmp - ok
18:42:39.0086 5932 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:42:39.0086 5932 tunnel - ok
18:42:39.0133 5932 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:42:39.0133 5932 uagp35 - ok
18:42:39.0195 5932 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:42:39.0195 5932 udfs - ok
18:42:39.0258 5932 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:42:39.0258 5932 uliagpkx - ok
18:42:39.0304 5932 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:42:39.0336 5932 uliahci - ok
18:42:39.0351 5932 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:42:39.0367 5932 UlSata - ok
18:42:39.0398 5932 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:42:39.0398 5932 ulsata2 - ok
18:42:39.0460 5932 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:42:39.0460 5932 umbus - ok
18:42:39.0570 5932 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:39.0570 5932 usbccgp - ok
18:42:39.0601 5932 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
18:42:39.0616 5932 usbcir - ok
18:42:39.0663 5932 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:42:39.0663 5932 usbehci - ok
18:42:39.0710 5932 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:42:39.0726 5932 usbhub - ok
18:42:39.0772 5932 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:42:39.0772 5932 usbohci - ok
18:42:39.0819 5932 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:42:39.0819 5932 usbprint - ok
18:42:39.0897 5932 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:42:39.0897 5932 usbscan - ok
18:42:39.0944 5932 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:39.0944 5932 USBSTOR - ok
18:42:39.0991 5932 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:39.0991 5932 usbuhci - ok
18:42:40.0053 5932 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:40.0053 5932 vga - ok
18:42:40.0116 5932 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:42:40.0116 5932 VgaSave - ok
18:42:40.0147 5932 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:42:40.0147 5932 viaagp - ok
18:42:40.0209 5932 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:42:40.0209 5932 ViaC7 - ok
18:42:40.0240 5932 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:42:40.0240 5932 viaide - ok
18:42:40.0303 5932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:42:40.0303 5932 volmgr - ok
18:42:40.0365 5932 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:42:40.0381 5932 volmgrx - ok
18:42:40.0412 5932 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:42:40.0412 5932 volsnap - ok
18:42:40.0474 5932 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:42:40.0474 5932 vsmraid - ok
18:42:40.0521 5932 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:42:40.0537 5932 WacomPen - ok
18:42:40.0599 5932 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:40.0599 5932 Wanarp - ok
18:42:40.0599 5932 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:42:40.0599 5932 Wanarpv6 - ok
18:42:40.0646 5932 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:42:40.0646 5932 Wd - ok
18:42:40.0740 5932 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
18:42:40.0771 5932 winusb - ok
18:42:40.0896 5932 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:42:40.0896 5932 WmiAcpi - ok
18:42:40.0974 5932 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:42:40.0989 5932 WpdUsb - ok
18:42:41.0036 5932 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:42:41.0036 5932 ws2ifsl - ok
18:42:41.0083 5932 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:41.0083 5932 WUDFRd - ok
18:42:41.0130 5932 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:42:41.0145 5932 \Device\Harddisk0\DR0 - ok
18:42:41.0504 5932 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:42:41.0504 5932 \Device\Harddisk1\DR1 - ok
18:42:41.0520 5932 Boot (0x1200) (1ed238b341d377b24604199d5344c86f) \Device\Harddisk0\DR0\Partition0
18:42:41.0520 5932 \Device\Harddisk0\DR0\Partition0 - ok
18:42:41.0535 5932 Boot (0x1200) (48fb4e5d373c00300a959c50da6838ec) \Device\Harddisk0\DR0\Partition1
18:42:41.0535 5932 \Device\Harddisk0\DR0\Partition1 - ok
18:42:41.0535 5932 Boot (0x1200) (e3a91645ea2ec65b9aea07843a42a1a0) \Device\Harddisk1\DR1\Partition0
18:42:41.0535 5932 \Device\Harddisk1\DR1\Partition0 - ok
18:42:41.0535 5932 ============================================================
18:42:41.0535 5932 Scan finished
18:42:41.0535 5932 ============================================================
18:42:41.0551 3096 Detected object count: 0
18:42:41.0551 3096 Actual detected object count: 0
And here is the final scan you requested...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8325

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/6/2011 6:53:56 PM
mbam-log-2011-12-06 (18-53-56).txt

Scan type: Quick scan
Objects scanned: 197554
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Thank you so much...is there something else necessary or is it now fixed? I'll look for your notes regarding review of scans....

betteloop

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 December 2011 - 10:58 PM

Your HOSTS file is infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button on that page. Then just follow the prompts in the Fix it wizard.

OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

Do you do any banking or financials on here?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
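For anyone wanting to verify a HOSTS file rather than blindly replacing it, here is a small checker, added as an example and not part of this thread or of any BleepingComputer tool. It parses the file, ignores comments, and reports every active mapping that is not part of the default file, labelling loopback entries as "sinkholed" (a vendor or update site silently blocked) and anything else as "redirected". It assumes the Windows Vista default contains only the two localhost lines; the sample file contents, including the hypothetical update.example-av.invalid host, are constructed for the example.

```python
"""Flag HOSTS-file entries that differ from the OS default.

Added example, not code from the thread: a defender-side check for the kind
of HOSTS tampering described above (malware rewriting the file so that update
or security-vendor domains resolve somewhere else).  Assumption: the Vista
default HOSTS file has exactly the two localhost mappings below; on later
Windows versions they are commented out, so an empty active set also counts
as default.
"""
import ipaddress

# Assumed Windows Vista default: two active mappings, everything else comments.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample resembling a tampered HOSTS file (not from the thread's logs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org        # blocks the AV vendor site
203.0.113.10    update.example-av.invalid   # hypothetical update host, redirected
198.51.100.7    www.google.com              # browser redirect
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) triples for every active mapping.

    Comments (#...) and blank lines are ignored; one IP may map several names.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: first field is not an address, skip it
        for name in names:
            entries.append((ip, name.lower(), line_no))
    return entries


def classify(ip):
    """Loopback or 0.0.0.0 means the name is sinkholed; anything else is a redirect."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"
    return "redirected"


def suspicious_entries(text):
    """Every active mapping that is not part of the default file."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        findings.append({"line": line_no, "ip": ip, "host": name,
                         "kind": classify(ip)})
    return findings


def is_default(text):
    """True when the file's active mappings are a subset of the OS default."""
    active = {(ip, name) for ip, name, _ in parse_hosts(text)}
    return active <= DEFAULT_ENTRIES


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

To check a real machine, read C:\Windows\System32\drivers\etc\hosts into `text` and pass it to `suspicious_entries`; any "sinkholed" security-vendor or Windows Update name is the tampering the helper is describing, and the Fix it reset above restores the default.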

#5 betteloop
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Female
  • Location:Phx. AZ

Posted 06 December 2011 - 11:35 PM

Account balance stuff like that...eBay or PayPal transactions if those count. My roommate just sold some coins on eBay. Is this a problem? I just ran Fix it and am going to restart now.

Thank you for your help...I'll be back after reboot.

#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 December 2011 - 11:48 AM

I asked because this is our (BC) opinion on a backdoor infection.

One of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#7 betteloop

betteloop
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Female
  • Location:Phx. AZ

Posted 09 December 2011 - 06:54 AM

Hello Again,
Thank you for your honest answer. After discussing with the rightful owner of the computer and going over pros and cons, and everything you have told me, he would like to proceed without reformatting or re-installing the OS, seeing how the nature of the hijacking has been mostly just one of inconvenience for the user and not per se the attack or abuse of any personal/confidential information. For the time being, transactions of the personal sort will be executed on a separate computer. He says it will take some time to get special permissions and/or product codes for many of the programs he runs to provide estimates and/or design layouts for potential customers (apparently too many hard drive failures result in too many authorized installs).
So if you have any further instructions and/or advice to continue with the removal of infections, please advise. The computer is running much better and I've not noticed any redirecting or hijacking, but we are still unable to save and remember logons and passwords. I respond to Security Essentials when it says a threat needs to be removed, but I am unsure of how often I need to do a full scan or if I should be running new scans periodically to see if new issues arrive. Hopefully you will be able to give me an idea as to how to proceed.
Once again Thank you for the time you have invested and the help you have offered thus far.
Until next time,
kind regards,
Betteloop

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 December 2011 - 04:08 PM

Ok... Then we need a deeper look to find and remove everything.
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#9 betteloop

betteloop
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Female
  • Location:Phx. AZ

Posted 09 December 2011 - 05:48 PM

Hello again...I think it went well, I posted dds, gmer and ark. logs in the malware removal topic as instructed...however I was/am confused as to posting a link back to this topic....?? Not sure if you meant old topic or new topic...needless to say I did not post a link, other than the new post. I apologize if I've made things difficult.

Thanks again...
betteloop

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 December 2011 - 09:38 PM

Hello, that looks fine.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.