Firefox Redirect Virus


3 replies to this topic

#1 oddskies


Posted 15 December 2011 - 06:44 PM

Hi there. For the past few days I have had some sort of a virus that will randomly open up new windows with several tabs in them with addresses such as "http://www.hb,rh%c2%adqv.com/", "http://www.xn--g1<!-qfa88aia6oj.com/", and "xn--<n-kna...xn--ux-ola2e/y", but the one that occurs the most is "http://www.xn--v-khn.com/". Like I said, it is random and not when I am on any particular website, although I usually have to do some clicking or browsing of some sorts for it to do it. I ran Malwarebytes and it came up with nothing. Any help would be greatly appreciated, this is getting very agitating!

Thanks
-Skyler



#2 boopme


Posted 15 December 2011 - 10:42 PM

Hello Skyler, and welcome.

Are you on a router? Are other machines on it? If so, are they redirecting?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
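The MiniToolBox checks requested in the reply above (hosts file, proxy settings, IP configuration, Winsock entries) cover the usual places a browser redirect is configured. As an added example, not part of the original thread and not MiniToolBox's own code, this Python script reads a Result.txt in the layout posted in this topic and lists the entries worth a second look. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Banner lines in Result.txt look like "===== Hosts content: =====".
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
FIELD_RE = re.compile(r"^(Default Gateway|DNS Servers)[ .]*:\s*(\S+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the only "nothing set" wording known is what this thread's log shows.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}

def split_sections(text):
    """Map each banner title to the non-blank lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_hosts(lines):
    """Anything beyond the loopback 'localhost' mapping can reroute a name."""
    loopback = {("127.0.0.1", "localhost"), ("::1", "localhost")}
    out = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in loopback:
            out.append(f"hosts: {parts[1]} is pinned to {parts[0]}")
    return out

def check_proxy(name, lines):
    """Report every line that is neither the clean wording nor a reset notice."""
    return [f"proxy ({name}): {line}" for line in lines
            if line not in CLEAN_PROXY_LINES and not line.startswith('"Reset')]

def in_lan(value):
    """True for RFC 1918 addresses; unparsable values count as not in the LAN."""
    try:
        return any(ipaddress.ip_address(value) in net for net in RFC1918)
    except ValueError:
        return False

def check_dns(lines):
    """Report resolvers that are neither the default gateway nor on the LAN."""
    out, gateway = [], None
    for key, value in (m.groups() for m in map(FIELD_RE.match, lines) if m):
        if key == "Default Gateway":
            gateway = value
        elif value != gateway and not in_lan(value):
            out.append(f"dns: resolver {value} is outside the LAN")
    return out

def check_winsock(lines):
    """Report providers not published by Microsoft or not under system32."""
    # Vendor strings are file metadata and can be forged; treat this as triage.
    out = []
    for m in filter(None, map(WINSOCK_RE.match, lines)):
        catalog, index, path, vendor = m.groups()
        if vendor != "Microsoft Corporation" or "\\system32\\" not in path.lower():
            out.append(f"winsock: {catalog} {index} {path} ({vendor or 'no vendor'})")
    return out

def triage(text):
    """Return review notes for the redirect-relevant sections of a Result.txt."""
    s = split_sections(text)
    notes = check_hosts(s.get("Hosts content", []))
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        notes += check_proxy(name, s.get(name, []))
    notes += check_dns(s.get("IP Configuration", []))
    return notes + check_winsock(s.get("Winsock entries", []))

# Constructed sample in the layout of the log posted in this thread. The proxy
# wording, the last Winsock DLL and the RFC 5737 documentation addresses are
# invented for illustration.
TAMPERED_SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 www.example.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 198.51.100.53
========================= Winsock entries =====================================
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\Temp\example_lsp.dll [40960] ()
"""

if __name__ == "__main__":
    for note in triage(TAMPERED_SAMPLE):
        print(note)
```

The Bonjour provider that appears in the posted log is reported as well: a third-party Winsock entry is something to account for, not proof of infection.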

#3 oddskies


Posted 17 December 2011 - 06:26 PM

It seems as though either Malwarebytes or TDSS Killer fixed the problem. I posted the logs below anyways, though. I am on a router, but the other computers were not having the same redirect problem. Thank you!

MiniToolBox by Farbar
Ran by Skyler (administrator) on 17-12-2011 at 15:59:04
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Disconnected)
RangeMax Wireless-N USB Adapter WN111v2 = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : SKY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RangeMax Wireless-N USB Adapter WN111v2
Physical Address. . . . . . . . . : 00-22-3F-9C-20-8E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Saturday, December 17, 2011 2:22:56 PM
Lease Expires . . . . . . . . . . : Sunday, December 18, 2011 2:22:56 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.227.81, 74.125.227.84, 74.125.227.80, 74.125.227.82
74.125.227.83

Pinging google.com [74.125.227.17] with 32 bytes of data:

Reply from 74.125.227.17: bytes=32 time=39ms TTL=50
Reply from 74.125.227.17: bytes=32 time=26ms TTL=49

Ping statistics for 74.125.227.17:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 39ms, Average = 32ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=58ms TTL=48
Reply from 209.191.122.70: bytes=32 time=37ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 58ms, Average = 47ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 22 3f 9c 20 8e ...... RangeMax Wireless-N USB Adapter WN111v2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/17/2011 03:10:41 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 8.0.0.4325, faulting module mozalloc.dll, version 8.0.0.4325, fault address 0x00001a57.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/17/2011 00:35:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78834797

Error: (12/17/2011 00:35:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78834797

Error: (12/17/2011 00:35:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/17/2011 00:35:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78819172

Error: (12/17/2011 00:35:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78819172

Error: (12/17/2011 00:35:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/17/2011 00:34:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78803516

Error: (12/17/2011 00:34:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78803516

Error: (12/17/2011 00:34:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/16/2011 02:13:12 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/16/2011 02:12:42 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/16/2011 02:11:42 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/16/2011 02:11:11 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (12/16/2011 00:24:53 AM) (Source: DCOM) (User: Skyler)
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Error: (12/16/2011 00:24:22 AM) (Source: DCOM) (User: Skyler)
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Error: (12/16/2011 00:23:51 AM) (Source: DCOM) (User: Skyler)
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Error: (12/15/2011 10:15:48 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (12/15/2011 07:19:10 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.8 for the Network Card with network address 00223F9C208E has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/14/2011 05:15:29 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Torrent (Version: 1.8.4)
32 Bit HP CIO Components Installer (Version: 6.1.1)
ABC Amber Photoshop Converter
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Reader 9.4.6 (Version: 9.4.6)
Agere Systems PCI-SV92EX Soft Modem
AIM 7
Any Video Converter 3.0.5
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.12.2.0)
Audacity 1.2.6
AVG 2011 (Version: 10.0.1415)
AVG 2011 (Version: 10.0.2108)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conduit Engine (Version: )
Cool Beans NFO Creator 2.0.1.3
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
D1600 (Version: 130.0.373.000)
DeviceDiscovery (Version: 130.0.372.000)
DivX Plus Web Player (Version: 2.0.0)
DJ_SF_06_D1600_SW_Min (Version: 130.0.373.000)
Download Updater (AOL LLC)
eMachines Games (Version: 1.0.0.52)
eMachines Recovery Management (Version: 3.1.3005)
EPSON Printer Software
EPSON Scan
Google Chrome (Version: 15.0.874.121)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 5 (Version: 1.6.0.50)
JPG to PDF Converter 1.0 (Version: 1.0)
Junk Mail filter update (Version: 14.0.8050.1202)
Last.fm 1.5.4.27091
Logitech QuickCam (Version: 11.50.1169)
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Silverlight (Version: 4.0.51204.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.04.0623)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
musicjacker for MySpace (Version: 1.3)
Picasa 3 (Version: 3.8)
Prism Video Converter
QuickTime (Version: 7.69.80.9)
RangeMax Wireless-N USB Adapter WN111v2 (Version: 1.00.0000)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.6132)
RealUpgrade 1.0 (Version: 1.0.0)
Segoe UI (Version: 14.0.4327.805)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
SoulSeek 157 NS 13e
Status (Version: 130.0.373.000)
Switch Sound File Converter
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
uTorrentBar Toolbar (Version: 6.2.7.3)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.1 (Version: 1.0.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows PowerShell™ 1.0 (Version: 2)
WinRAR archiver

========================= Devices: ================================

Name: NVIDIA nForce 10/100/1000 Mbps Networking Controller
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 894.42 MB
Available physical RAM: 620.37 MB
Total Pagefile: 2359.07 MB
Available Pagefile: 1756 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:58.47 GB) NTFS
4 Drive f: () (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT

========================= Users: ========================================

User accounts for \\SKY

Administrator Guest HelpAssistant
Skyler SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini011010-01.dmp
C:\WINDOWS\Minidump\Mini012810-01.dmp
C:\WINDOWS\Minidump\Mini020210-01.dmp
C:\WINDOWS\Minidump\Mini021111-01.dmp
C:\WINDOWS\Minidump\Mini022311-01.dmp
C:\WINDOWS\Minidump\Mini041210-01.dmp
C:\WINDOWS\Minidump\Mini041310-01.dmp
C:\WINDOWS\Minidump\Mini042011-01.dmp
C:\WINDOWS\Minidump\Mini042110-01.dmp
C:\WINDOWS\Minidump\Mini042710-01.dmp
C:\WINDOWS\Minidump\Mini043011-01.dmp
C:\WINDOWS\Minidump\Mini050510-01.dmp
C:\WINDOWS\Minidump\Mini050610-01.dmp
C:\WINDOWS\Minidump\Mini051711-01.dmp
C:\WINDOWS\Minidump\Mini051910-01.dmp
C:\WINDOWS\Minidump\Mini052010-01.dmp
C:\WINDOWS\Minidump\Mini060810-01.dmp
C:\WINDOWS\Minidump\Mini060910-01.dmp
C:\WINDOWS\Minidump\Mini061110-01.dmp
C:\WINDOWS\Minidump\Mini061410-01.dmp
C:\WINDOWS\Minidump\Mini062110-01.dmp
C:\WINDOWS\Minidump\Mini062310-01.dmp
C:\WINDOWS\Minidump\Mini062610-01.dmp
C:\WINDOWS\Minidump\Mini062910-01.dmp
C:\WINDOWS\Minidump\Mini062910-02.dmp
C:\WINDOWS\Minidump\Mini071110-01.dmp
C:\WINDOWS\Minidump\Mini071310-01.dmp
C:\WINDOWS\Minidump\Mini071410-01.dmp
C:\WINDOWS\Minidump\Mini072511-01.dmp
C:\WINDOWS\Minidump\Mini072511-02.dmp
C:\WINDOWS\Minidump\Mini072611-01.dmp
C:\WINDOWS\Minidump\Mini073011-01.dmp
C:\WINDOWS\Minidump\Mini080311-01.dmp
C:\WINDOWS\Minidump\Mini080610-01.dmp
C:\WINDOWS\Minidump\Mini080610-02.dmp
C:\WINDOWS\Minidump\Mini081010-01.dmp
C:\WINDOWS\Minidump\Mini081010-02.dmp
C:\WINDOWS\Minidump\Mini081110-01.dmp
C:\WINDOWS\Minidump\Mini081310-01.dmp
C:\WINDOWS\Minidump\Mini081510-01.dmp
C:\WINDOWS\Minidump\Mini081510-02.dmp
C:\WINDOWS\Minidump\Mini081910-01.dmp
C:\WINDOWS\Minidump\Mini090410-01.dmp
C:\WINDOWS\Minidump\Mini090610-01.dmp
C:\WINDOWS\Minidump\Mini090710-01.dmp
C:\WINDOWS\Minidump\Mini090810-01.dmp
C:\WINDOWS\Minidump\Mini090810-02.dmp
C:\WINDOWS\Minidump\Mini091510-01.dmp
C:\WINDOWS\Minidump\Mini091910-01.dmp
C:\WINDOWS\Minidump\Mini092110-01.dmp
C:\WINDOWS\Minidump\Mini092310-01.dmp
C:\WINDOWS\Minidump\Mini092310-02.dmp
C:\WINDOWS\Minidump\Mini092311-01.dmp
C:\WINDOWS\Minidump\Mini092410-01.dmp
C:\WINDOWS\Minidump\Mini092510-01.dmp
C:\WINDOWS\Minidump\Mini092610-01.dmp
C:\WINDOWS\Minidump\Mini100310-01.dmp
C:\WINDOWS\Minidump\Mini100410-01.dmp
C:\WINDOWS\Minidump\Mini101210-01.dmp
C:\WINDOWS\Minidump\Mini101410-01.dmp
C:\WINDOWS\Minidump\Mini101610-01.dmp
C:\WINDOWS\Minidump\Mini102410-01.dmp
C:\WINDOWS\Minidump\Mini102410-02.dmp
C:\WINDOWS\Minidump\Mini103011-01.dmp
C:\WINDOWS\Minidump\Mini103011-02.dmp
C:\WINDOWS\Minidump\Mini103110-01.dmp
C:\WINDOWS\Minidump\Mini110410-01.dmp
C:\WINDOWS\Minidump\Mini111210-01.dmp
C:\WINDOWS\Minidump\Mini111310-01.dmp
C:\WINDOWS\Minidump\Mini112011-01.dmp
C:\WINDOWS\Minidump\Mini112909-01.dmp
C:\WINDOWS\Minidump\Mini112909-02.dmp
C:\WINDOWS\Minidump\Mini120210-01.dmp
C:\WINDOWS\Minidump\Mini120611-01.dmp
C:\WINDOWS\Minidump\Mini120810-01.dmp
C:\WINDOWS\Minidump\Mini121409-01.dmp
C:\WINDOWS\Minidump\Mini122910-01.dmp
C:\WINDOWS\Minidump\Mini123109-01.dmp

**** End of log ****


15:56:07.0937 4968 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
15:56:08.0437 4968 ============================================================
15:56:08.0437 4968 Current date / time: 2011/12/17 15:56:08.0437
15:56:08.0437 4968 SystemInfo:
15:56:08.0437 4968
15:56:08.0437 4968 OS Version: 5.1.2600 ServicePack: 3.0
15:56:08.0437 4968 Product type: Workstation
15:56:08.0437 4968 ComputerName: SKY
15:56:08.0437 4968 UserName: Skyler
15:56:08.0437 4968 Windows directory: C:\WINDOWS
15:56:08.0437 4968 System windows directory: C:\WINDOWS
15:56:08.0437 4968 Processor architecture: Intel x86
15:56:08.0437 4968 Number of processors: 1
15:56:08.0437 4968 Page size: 0x1000
15:56:08.0437 4968 Boot type: Normal boot
15:56:08.0437 4968 ============================================================
15:56:14.0640 4968 Initialize success
15:58:54.0750 3684 ============================================================
15:58:54.0750 3684 Scan started
15:58:54.0750 3684 Mode: Manual;
15:58:54.0750 3684 ============================================================
15:59:24.0656 3684 dmload - ok
15:59:24.0937 3684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:59:24.0937 3684 DMusic - ok
15:59:25.0000 3684 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
15:59:25.0125 3684 DNINDIS5 - ok
15:59:25.0343 3684 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:59:25.0375 3684 dpti2o - ok
15:59:25.0406 3684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:59:25.0406 3684 drmkaud - ok
15:59:25.0500 3684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:59:25.0531 3684 Fastfat - ok
15:59:25.0718 3684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:59:25.0734 3684 Fdc - ok
15:59:25.0812 3684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:59:25.0906 3684 Fips - ok
15:59:26.0078 3684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:59:26.0156 3684 Flpydisk - ok
15:59:26.0250 3684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:59:26.0281 3684 FltMgr - ok
15:59:26.0359 3684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:59:26.0375 3684 Fs_Rec - ok
15:59:26.0421 3684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:59:26.0515 3684 Ftdisk - ok
15:59:26.0718 3684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:59:26.0765 3684 GEARAspiWDM - ok
15:59:26.0843 3684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:59:26.0906 3684 Gpc - ok
15:59:27.0015 3684 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:59:27.0062 3684 HDAudBus - ok
15:59:27.0281 3684 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:59:27.0296 3684 hpn - ok
15:59:27.0375 3684 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:59:27.0562 3684 HPZid412 - ok
15:59:27.0734 3684 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:59:27.0843 3684 HPZipr12 - ok
15:59:27.0906 3684 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:59:27.0968 3684 HPZius12 - ok
15:59:28.0156 3684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:59:28.0250 3684 HTTP - ok
15:59:28.0312 3684 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:59:28.0312 3684 i2omgmt - ok
15:59:28.0375 3684 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:59:28.0390 3684 i2omp - ok
15:59:28.0468 3684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:59:28.0500 3684 i8042prt - ok
15:59:28.0562 3684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:59:28.0593 3684 Imapi - ok
15:59:28.0671 3684 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:59:28.0687 3684 ini910u - ok
15:59:28.0765 3684 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
15:59:28.0812 3684 int15 - ok
15:59:28.0828 3684 int15.sys - ok
15:59:29.0031 3684 IntcAzAudAddService (994186286e1df03b5bcba765a9320e0f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:59:29.0343 3684 IntcAzAudAddService - ok
15:59:29.0500 3684 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:59:29.0515 3684 IntelIde - ok
15:59:29.0562 3684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:59:29.0609 3684 Ip6Fw - ok
15:59:29.0640 3684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:59:29.0671 3684 IpFilterDriver - ok
15:59:29.0859 3684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:59:29.0859 3684 IpInIp - ok
15:59:29.0921 3684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:59:29.0984 3684 IpNat - ok
15:59:30.0281 3684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:59:30.0328 3684 IPSec - ok
15:59:30.0531 3684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:59:30.0718 3684 IRENUM - ok
15:59:31.0046 3684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:59:31.0156 3684 isapnp - ok
15:59:31.0468 3684 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:59:31.0609 3684 JSWSCIMD - ok
15:59:31.0921 3684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:59:31.0953 3684 Kbdclass - ok
15:59:32.0312 3684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:59:32.0343 3684 kmixer - ok
15:59:32.0562 3684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:59:32.0609 3684 KSecDD - ok
15:59:32.0656 3684 lbrtfdc - ok
15:59:33.0062 3684 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
15:59:33.0375 3684 LVcKap - ok
15:59:34.0109 3684 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
15:59:34.0500 3684 LVMVDrv - ok
15:59:34.0718 3684 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:59:34.0718 3684 LVPr2Mon - ok
15:59:34.0859 3684 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
15:59:34.0859 3684 LVUSBSta - ok
15:59:34.0921 3684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:59:34.0968 3684 mnmdd - ok
15:59:35.0078 3684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:59:35.0171 3684 Modem - ok
15:59:35.0265 3684 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
15:59:35.0328 3684 Monfilt - ok
15:59:35.0406 3684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:59:35.0453 3684 Mouclass - ok
15:59:35.0500 3684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:59:35.0500 3684 MountMgr - ok
15:59:35.0531 3684 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:59:35.0546 3684 mraid35x - ok
15:59:35.0562 3684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:59:35.0562 3684 MRxDAV - ok
15:59:35.0656 3684 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:59:35.0734 3684 MRxSmb - ok
15:59:36.0093 3684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:59:36.0109 3684 Msfs - ok
15:59:36.0312 3684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:59:36.0328 3684 MSKSSRV - ok
15:59:36.0484 3684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:59:36.0484 3684 MSPCLOCK - ok
15:59:36.0562 3684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:59:36.0593 3684 MSPQM - ok
15:59:36.0687 3684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:59:36.0703 3684 mssmbios - ok
15:59:36.0968 3684 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:59:37.0015 3684 MSTEE - ok
15:59:37.0140 3684 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:59:37.0140 3684 Mup - ok
15:59:37.0500 3684 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:59:37.0562 3684 NABTSFEC - ok
15:59:37.0750 3684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:59:37.0781 3684 NDIS - ok
15:59:37.0843 3684 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:59:37.0859 3684 NdisIP - ok
15:59:38.0046 3684 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:59:38.0046 3684 NdisTapi - ok
15:59:38.0109 3684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:59:38.0140 3684 Ndisuio - ok
15:59:38.0218 3684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:59:38.0265 3684 NdisWan - ok
15:59:38.0359 3684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:59:38.0500 3684 NDProxy - ok
15:59:38.0750 3684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:59:38.0765 3684 NetBIOS - ok
15:59:38.0796 3684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:59:38.0828 3684 NetBT - ok
15:59:39.0093 3684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:59:39.0156 3684 Npfs - ok
15:59:39.0375 3684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:59:39.0593 3684 Ntfs - ok
15:59:39.0703 3684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:59:39.0703 3684 Null - ok
15:59:39.0937 3684 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:59:40.0187 3684 nv - ok
15:59:40.0328 3684 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:59:40.0343 3684 NVENETFD - ok
15:59:40.0421 3684 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:59:40.0421 3684 nvnetbus - ok
15:59:40.0500 3684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:59:40.0562 3684 NwlnkFlt - ok
15:59:40.0625 3684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:59:40.0625 3684 NwlnkFwd - ok
15:59:40.0718 3684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:59:40.0718 3684 Parport - ok
15:59:40.0734 3684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:59:40.0734 3684 PartMgr - ok
15:59:40.0781 3684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:59:40.0781 3684 ParVdm - ok
15:59:40.0859 3684 PbsAuDrv (ca7cb72fa9e0a1ff68c7a7637de2ac26) C:\WINDOWS\system32\drivers\pbsaudrv.sys
15:59:40.0921 3684 PbsAuDrv - ok
15:59:41.0046 3684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:59:41.0046 3684 PCI - ok
15:59:41.0078 3684 PCIDump - ok
15:59:41.0093 3684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:59:41.0093 3684 PCIIde - ok
15:59:41.0156 3684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:59:41.0171 3684 Pcmcia - ok
15:59:41.0187 3684 PDCOMP - ok
15:59:41.0218 3684 PDFRAME - ok
15:59:41.0234 3684 PDRELI - ok
15:59:41.0250 3684 PDRFRAME - ok
15:59:41.0296 3684 pepifilter (0896002d1efcd08859a41c9db34ad84c) C:\WINDOWS\system32\DRIVERS\lv302af.sys
15:59:41.0312 3684 pepifilter - ok
15:59:41.0343 3684 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:59:41.0343 3684 perc2 - ok
15:59:41.0375 3684 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:59:41.0406 3684 perc2hib - ok
15:59:41.0484 3684 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
15:59:41.0562 3684 PID_PEPI - ok
15:59:41.0781 3684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:59:41.0812 3684 PptpMiniport - ok
15:59:41.0890 3684 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:59:41.0890 3684 Processor - ok
15:59:41.0937 3684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:59:41.0968 3684 PSched - ok
15:59:42.0015 3684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:59:42.0062 3684 Ptilink - ok
15:59:42.0218 3684 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:59:42.0218 3684 ql1080 - ok
15:59:42.0265 3684 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:59:42.0296 3684 Ql10wnt - ok
15:59:42.0343 3684 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:59:42.0343 3684 ql12160 - ok
15:59:42.0375 3684 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:59:42.0421 3684 ql1240 - ok
15:59:42.0453 3684 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:59:42.0468 3684 ql1280 - ok
15:59:42.0500 3684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:59:42.0578 3684 RasAcd - ok
15:59:42.0625 3684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:59:42.0640 3684 Rasl2tp - ok
15:59:42.0671 3684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:59:42.0703 3684 RasPppoe - ok
15:59:42.0828 3684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:59:42.0859 3684 Raspti - ok
15:59:42.0984 3684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:59:43.0046 3684 Rdbss - ok
15:59:43.0203 3684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:59:43.0234 3684 RDPCDD - ok
15:59:43.0312 3684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:59:43.0343 3684 rdpdr - ok
15:59:43.0406 3684 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:59:43.0437 3684 RDPWD - ok
15:59:43.0515 3684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:59:43.0562 3684 redbook - ok
15:59:43.0796 3684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:59:43.0875 3684 Secdrv - ok
15:59:43.0984 3684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:59:44.0015 3684 Serial - ok
15:59:44.0109 3684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:59:44.0156 3684 Sfloppy - ok
15:59:44.0187 3684 Simbad - ok
15:59:44.0234 3684 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:59:44.0250 3684 sisagp - ok
15:59:44.0484 3684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:59:44.0500 3684 SLIP - ok
15:59:44.0671 3684 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:59:44.0718 3684 Sparrow - ok
15:59:44.0859 3684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:59:44.0875 3684 splitter - ok
15:59:45.0265 3684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:59:45.0281 3684 sr - ok
15:59:45.0531 3684 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
15:59:45.0546 3684 Srv - ok
15:59:45.0671 3684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:59:45.0687 3684 streamip - ok
15:59:45.0734 3684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:59:45.0765 3684 swenum - ok
15:59:45.0796 3684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:59:45.0828 3684 swmidi - ok
15:59:45.0890 3684 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:59:45.0890 3684 symc810 - ok
15:59:45.0937 3684 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:59:45.0953 3684 symc8xx - ok
15:59:45.0968 3684 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:59:46.0062 3684 sym_hi - ok
15:59:46.0109 3684 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:59:46.0109 3684 sym_u3 - ok
15:59:46.0156 3684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:59:46.0171 3684 sysaudio - ok
15:59:46.0343 3684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:59:46.0375 3684 Tcpip - ok
15:59:46.0593 3684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:59:46.0687 3684 TDPIPE - ok
15:59:46.0921 3684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:59:46.0937 3684 TDTCP - ok
15:59:47.0218 3684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:59:47.0218 3684 TermDD - ok
15:59:47.0390 3684 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:59:47.0390 3684 TosIde - ok
15:59:47.0468 3684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:59:47.0468 3684 Udfs - ok
15:59:47.0500 3684 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:59:47.0578 3684 ultra - ok
15:59:47.0687 3684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:59:47.0734 3684 Update - ok
15:59:47.0921 3684 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:59:47.0921 3684 USBAAPL - ok
15:59:47.0968 3684 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:59:48.0000 3684 usbaudio - ok
15:59:48.0078 3684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:59:48.0140 3684 usbccgp - ok
15:59:48.0390 3684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:59:48.0390 3684 usbehci - ok
15:59:48.0515 3684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:59:48.0546 3684 usbhub - ok
15:59:48.0578 3684 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:59:48.0578 3684 usbohci - ok
15:59:48.0656 3684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:59:48.0656 3684 usbprint - ok
15:59:48.0765 3684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:59:48.0781 3684 usbscan - ok
15:59:49.0015 3684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:59:49.0015 3684 USBSTOR - ok
15:59:49.0078 3684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:59:49.0078 3684 VgaSave - ok
15:59:49.0140 3684 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:59:49.0171 3684 viaagp - ok
15:59:49.0218 3684 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:59:49.0218 3684 ViaIde - ok
15:59:49.0265 3684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:59:49.0265 3684 VolSnap - ok
15:59:49.0312 3684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:59:49.0343 3684 Wanarp - ok
15:59:49.0468 3684 WDICA - ok
15:59:49.0671 3684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:59:49.0687 3684 wdmaud - ok
15:59:50.0234 3684 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:59:50.0296 3684 WmiAcpi - ok
15:59:50.0640 3684 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
15:59:50.0828 3684 WN111v2 - ok
15:59:51.0187 3684 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
15:59:51.0234 3684 WSIMD - ok
15:59:51.0656 3684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:59:51.0687 3684 WSTCODEC - ok
15:59:51.0828 3684 MBR (0x1B8) (7e190e8bad75beb8bf10d6c0da0e022a) \Device\Harddisk0\DR0
15:59:51.0843 3684 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
15:59:51.0843 3684 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:59:51.0859 3684 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
15:59:51.0875 3684 \Device\Harddisk2\DR4 - ok
15:59:51.0906 3684 Boot (0x1200) (8c7a46ab4ad4db40c0124bd4d603ef31) \Device\Harddisk0\DR0\Partition0
15:59:51.0937 3684 \Device\Harddisk0\DR0\Partition0 - ok
15:59:51.0953 3684 Boot (0x1200) (6fbea3b974cba4c4f568ab82f70fa29f) \Device\Harddisk2\DR4\Partition0
15:59:51.0953 3684 \Device\Harddisk2\DR4\Partition0 - ok
15:59:51.0953 3684 ============================================================
15:59:51.0953 3684 Scan finished
15:59:51.0953 3684 ============================================================
15:59:51.0984 4324 Detected object count: 1
15:59:51.0984 4324 Actual detected object count: 1
16:00:25.0046 4324 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:00:25.0046 4324 \Device\Harddisk0\DR0 - ok
16:00:25.0046 4324 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
16:00:29.0609 0804 Deinitialize success


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8388

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/17/2011 4:44:12 PM
mbam-log-2011-12-17 (16-44-12).txt

Scan type: Quick scan
Objects scanned: 180714
Time elapsed: 24 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dtnaxfvh (Trojan.FakeAlert.Gen) -> Value: dtnaxfvh -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Skyler\local settings\temp\new.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\71.tmp (PUP.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Skyler\application data\Sun\mxd1.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Skyler\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully.



#4 boopme


Posted 17 December 2011 - 09:04 PM

Hello, looks good. This was your biggest issue from Tdss:
15:59:51.0984 4324 Detected object count: 1
15:59:51.0984 4324 Actual detected object count: 1
16:00:25.0046 4324 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:00:25.0046 4324 \Device\Harddisk0\DR0 - ok
16:00:25.0046 4324 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
16:00:29.0609 0804 Deinitialize success


We should be sure there are no remnants or spinoffs.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.