
gimmeanswers and happili infection


5 replies to this topic

#1 gimmeanswers


Posted 03 March 2012 - 06:54 PM

Firefox is redirecting to gimmeanswers and happili...

Tried resetting values in about:config on a clean uninstall/re-install of Firefox; couldn't get "reset" option from gray to black.

Ran MalwareBytes - after it cleaned out 1 trojan, I ran this GMER - totally clean (ran with everything closed and disconnected from internet).

MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jennifer :: JENNIFER-PC [administrator]

3/3/2012 4:28:48 PM
mbam-log-2012-03-03 (16-28-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208788
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


 


#2 boopme


Posted 03 March 2012 - 08:11 PM

Hello and welcome. Let's see what we get from these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


#3 gimmeanswers


Posted 04 March 2012 - 03:14 PM

Here is the minitoolbox log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jennifer (administrator) on 04-03-2012 at 14:10:48
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NETGEAR WNA1100 Wireless-N 150 USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jennifer-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 36-46-9A-20-33-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : NETGEAR WNA1100 Wireless-N 150 USB Adapter
Physical Address. . . . . . . . . : 30-46-9A-20-33-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9de6:1b80:1eff:9f29%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.130(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 04, 2012 12:54:37 PM
Lease Expires . . . . . . . . . . : Monday, March 05, 2012 2:05:14 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 405816986
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-B3-D5-C5-90-FB-A6-E3-A1-18
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 90-FB-A6-E3-A1-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c23:60a:3f57:fe7d(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c23:60a:3f57:fe7d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.tx.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9D3378E3-9967-49E7-998F-C569D43239DB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FFEE37D3-F785-437C-9BCA-57B208E60AC9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 74.125.227.1
74.125.227.7
74.125.227.8
74.125.227.0
74.125.227.5
74.125.227.3
74.125.227.4
74.125.227.9
74.125.227.6
74.125.227.2
74.125.227.14


Pinging google.com [74.125.227.102] with 32 bytes of data:
Reply from 74.125.227.102: bytes=32 time=19ms TTL=54
Reply from 74.125.227.102: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.227.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 19ms, Average = 17ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 75.75.76.76

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=18ms TTL=51
Reply from 209.191.122.70: bytes=32 time=137ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 137ms, Average = 77ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...36 46 9a 20 33 99 ......Microsoft Virtual WiFi Miniport Adapter
11...30 46 9a 20 33 99 ......NETGEAR WNA1100 Wireless-N 150 USB Adapter
10...90 fb a6 e3 a1 18 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.130 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.130 281
192.168.1.130 255.255.255.255 On-link 192.168.1.130 281
192.168.1.255 255.255.255.255 On-link 192.168.1.130 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.130 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.130 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1c23:60a:3f57:fe7d/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1c23:60a:3f57:fe7d/128
On-link
11 281 fe80::9de6:1b80:1eff:9f29/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/04/2012 02:10:22 PM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 3.3.6.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 129c

Start Time: 01ccfa42835b21d0

Termination Time: 15

Application Path: C:\Users\Jennifer\Downloads\MiniToolBox.exe

Report Id:

Error: (03/04/2012 11:14:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1194577

Error: (03/04/2012 11:14:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1194577

Error: (03/04/2012 11:14:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2012 07:52:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7207

Error: (02/23/2012 07:52:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7207

Error: (02/23/2012 07:52:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2012 07:52:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022

Error: (02/23/2012 07:52:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6022

Error: (02/23/2012 07:52:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/03/2012 01:22:54 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service hung on starting.

Error: (03/03/2012 11:25:53 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/03/2012 11:25:53 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/03/2012 11:25:51 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/03/2012 11:25:46 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/03/2012 11:25:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
discache
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6

Error: (02/17/2012 04:11:49 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/20/2012 07:25:26 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9DB59268-998C-4C88-AE74-7C2D0E1D35A5} because another computer on the network has the same name. The server could not start.

Error: (01/20/2012 07:25:01 AM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error:
%%1053

Error: (01/20/2012 07:25:01 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Acer Arcade Deluxe (Version: 4.1.7405)
Acer Arcade Movie (Version: 9.0.6205)
Acer eRecovery Management (Version: 4.05.3007)
Acer Game Console
Acer Games (Version: 1.0.0.80)
Acer Registration (Version: 1.02.3006)
Acer ScreenSaver (Version: 1.1.0812)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 9.5.0 MUI (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advertising Center (Version: 0.0.0.2)
AMD DnD V1.0.20 (Version: 1.0.20)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.12.0.00210)
ATI Catalyst Install Manager (Version: 3.0.765.0)
avast! Free Antivirus (Version: 7.0.1407.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blackhawk Striker 2 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Build-a-lot 2 (Version: 2.2.0.82)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615)
ccc-core-static (Version: 2010.0210.2206.39615)
ccc-utility64 (Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615)
CCC Help Czech (Version: 2010.0210.2205.39615)
CCC Help Danish (Version: 2010.0210.2205.39615)
CCC Help Dutch (Version: 2010.0210.2205.39615)
CCC Help English (Version: 2010.0210.2205.39615)
CCC Help Finnish (Version: 2010.0210.2205.39615)
CCC Help French (Version: 2010.0210.2205.39615)
CCC Help German (Version: 2010.0210.2205.39615)
CCC Help Greek (Version: 2010.0210.2205.39615)
CCC Help Hungarian (Version: 2010.0210.2205.39615)
CCC Help Italian (Version: 2010.0210.2205.39615)
CCC Help Japanese (Version: 2010.0210.2205.39615)
CCC Help Korean (Version: 2010.0210.2205.39615)
CCC Help Norwegian (Version: 2010.0210.2205.39615)
CCC Help Polish (Version: 2010.0210.2205.39615)
CCC Help Portuguese (Version: 2010.0210.2205.39615)
CCC Help Russian (Version: 2010.0210.2205.39615)
CCC Help Spanish (Version: 2010.0210.2205.39615)
CCC Help Swedish (Version: 2010.0210.2205.39615)
CCC Help Thai (Version: 2010.0210.2205.39615)
CCC Help Turkish (Version: 2010.0210.2205.39615)
Cisco Connect (Version: 1.2.10218.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
eBay Worldwide (Version: 2.1.0901)
Escape Rosecliff Island (Version: 2.2.0.82)
eSobi v2 (Version: 2.0.4.000274)
Faerie Solitaire (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
Fax (Version: 130.0.418.000)
Google Update Helper (Version: 1.3.21.99)
GPBaseService2 (Version: 130.0.371.000)
Haali Media Splitter
Hotkey Utility (Version: 2.05.3003)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HPProductAssistant (Version: 130.0.371.000)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
inSSIDer 2.0 (Version: 2.0.7)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MediaShow Espresso (Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Monopoly (Version: 2.2.0.82)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - Lost in Los Angeles (Version: 2.2.0.82)
MyWinLocker (Version: 3.1.206.0)
MyWinLocker Suite (Version: 3.1.206.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.16.0.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.133)
Network64 (Version: 130.0.374.000)
OpenOffice.org 3.3 (Version: 3.3.9567)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6045)
Safari (Version: 5.34.52.7)
Scan (Version: 13.0.0.0)
Scrabble Plus (Version: 2.2.0.82)
Shredder (Version: 2.0.5.0)
Skype™ 5.3 (Version: 5.3.120)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
The Price is Right (Version: 2.2.0.82)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - A New Home (Version: 2.2.0.82)
WebReg (Version: 130.0.132.017)
Welcome Center (Version: 1.00.3013)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahtzee (Version: 2.2.0.82)
Zuma Deluxe (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3823.76 MB
Available physical RAM: 2925.05 MB
Total Pagefile: 7645.72 MB
Available Pagefile: 6361.56 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.46 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:577.01 GB) (Free:467.03 GB) NTFS
2 Drive d: (FROGGER) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\JENNIFER-PC

Administrator Guest Jennifer


**** End of log ****

#4 gimmeanswers

Posted 04 March 2012 - 03:18 PM

TDSSKiller did not require a reboot - it says it found nothing... here is the log:

14:16:47.0264 0704 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
14:16:47.0592 0704 ============================================================
14:16:47.0592 0704 Current date / time: 2012/03/04 14:16:47.0592
14:16:47.0592 0704 SystemInfo:
14:16:47.0592 0704
14:16:47.0592 0704 OS Version: 6.1.7601 ServicePack: 1.0
14:16:47.0592 0704 Product type: Workstation
14:16:47.0592 0704 ComputerName: JENNIFER-PC
14:16:47.0592 0704 UserName: Jennifer
14:16:47.0592 0704 Windows directory: C:\Windows
14:16:47.0592 0704 System windows directory: C:\Windows
14:16:47.0592 0704 Running under WOW64
14:16:47.0592 0704 Processor architecture: Intel x64
14:16:47.0592 0704 Number of processors: 2
14:16:47.0592 0704 Page size: 0x1000
14:16:47.0592 0704 Boot type: Normal boot
14:16:47.0592 0704 ============================================================
14:16:47.0950 0704 Drive \Device\Harddisk0\DR0 - Size: 0x9507050000 (596.11 Gb), SectorSize: 0x200, Cylinders: 0x12FF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:16:47.0997 0704 \Device\Harddisk0\DR0:
14:16:47.0997 0704 MBR used
14:16:47.0997 0704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
14:16:47.0997 0704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x48205000
14:16:48.0028 0704 Initialize success
14:16:48.0028 0704 ============================================================
14:16:52.0162 1212 ============================================================
14:16:52.0162 1212 Scan started
14:16:52.0162 1212 Mode: Manual;
14:16:52.0162 1212 ============================================================
14:16:52.0396 1212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:16:52.0396 1212 1394ohci - ok
14:16:52.0443 1212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:16:52.0459 1212 ACPI - ok
14:16:52.0490 1212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:16:52.0506 1212 AcpiPmi - ok
14:16:52.0568 1212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:16:52.0584 1212 adp94xx - ok
14:16:52.0599 1212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:16:52.0615 1212 adpahci - ok
14:16:52.0630 1212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:16:52.0630 1212 adpu320 - ok
14:16:52.0693 1212 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:16:52.0708 1212 AFD - ok
14:16:52.0755 1212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:16:52.0755 1212 agp440 - ok
14:16:52.0786 1212 ahcix64s (367bb1682a128ddf23182b370769771e) C:\Windows\system32\DRIVERS\ahcix64s.sys
14:16:52.0786 1212 ahcix64s - ok
14:16:52.0818 1212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:16:52.0818 1212 aliide - ok
14:16:52.0864 1212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:16:52.0864 1212 amdide - ok
14:16:52.0896 1212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:16:52.0896 1212 AmdK8 - ok
14:16:53.0036 1212 amdkmdag (9337b5fabc03ca44cd355f700da9b25b) C:\Windows\system32\DRIVERS\atipmdag.sys
14:16:53.0176 1212 amdkmdag - ok
14:16:53.0208 1212 amdkmdap (560688a447e7a87f43774a2ff23a3e52) C:\Windows\system32\DRIVERS\atikmpag.sys
14:16:53.0208 1212 amdkmdap - ok
14:16:53.0223 1212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:16:53.0223 1212 AmdPPM - ok
14:16:53.0270 1212 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:16:53.0270 1212 amdsata - ok
14:16:53.0317 1212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:16:53.0317 1212 amdsbs - ok
14:16:53.0332 1212 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:16:53.0332 1212 amdxata - ok
14:16:53.0379 1212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:16:53.0379 1212 AppID - ok
14:16:53.0426 1212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:16:53.0426 1212 arc - ok
14:16:53.0426 1212 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:16:53.0442 1212 arcsas - ok
14:16:53.0488 1212 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
14:16:53.0488 1212 aswFsBlk - ok
14:16:53.0566 1212 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
14:16:53.0566 1212 aswMonFlt - ok
14:16:53.0629 1212 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
14:16:53.0629 1212 aswRdr - ok
14:16:53.0707 1212 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
14:16:53.0707 1212 aswSnx - ok
14:16:53.0754 1212 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
14:16:53.0754 1212 aswSP - ok
14:16:53.0769 1212 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
14:16:53.0769 1212 aswTdi - ok
14:16:53.0816 1212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:16:53.0816 1212 AsyncMac - ok
14:16:53.0847 1212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:16:53.0847 1212 atapi - ok
14:16:53.0894 1212 athur (c579174daf19e9330c31c95df1471380) C:\Windows\system32\DRIVERS\athurx.sys
14:16:53.0941 1212 athur - ok
14:16:53.0988 1212 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
14:16:53.0988 1212 AtiHdmiService - ok
14:16:54.0034 1212 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:16:54.0034 1212 AtiPcie - ok
14:16:54.0081 1212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:16:54.0097 1212 b06bdrv - ok
14:16:54.0128 1212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:16:54.0128 1212 b57nd60a - ok
14:16:54.0159 1212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:16:54.0159 1212 Beep - ok
14:16:54.0206 1212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:16:54.0206 1212 blbdrive - ok
14:16:54.0253 1212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:16:54.0253 1212 bowser - ok
14:16:54.0268 1212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:16:54.0268 1212 BrFiltLo - ok
14:16:54.0284 1212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:16:54.0284 1212 BrFiltUp - ok
14:16:54.0300 1212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:16:54.0315 1212 Brserid - ok
14:16:54.0315 1212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:16:54.0315 1212 BrSerWdm - ok
14:16:54.0331 1212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:16:54.0331 1212 BrUsbMdm - ok
14:16:54.0331 1212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:16:54.0331 1212 BrUsbSer - ok
14:16:54.0362 1212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:16:54.0362 1212 BTHMODEM - ok
14:16:54.0378 1212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:16:54.0378 1212 cdfs - ok
14:16:54.0409 1212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:16:54.0424 1212 cdrom - ok
14:16:54.0440 1212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:16:54.0440 1212 circlass - ok
14:16:54.0456 1212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:16:54.0471 1212 CLFS - ok
14:16:54.0487 1212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:16:54.0487 1212 CmBatt - ok
14:16:54.0502 1212 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:16:54.0502 1212 cmdide - ok
14:16:54.0534 1212 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:16:54.0534 1212 CNG - ok
14:16:54.0549 1212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:16:54.0549 1212 Compbatt - ok
14:16:54.0596 1212 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:16:54.0596 1212 CompositeBus - ok
14:16:54.0612 1212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:16:54.0612 1212 crcdisk - ok
14:16:54.0674 1212 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:16:54.0674 1212 DfsC - ok
14:16:54.0705 1212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:16:54.0705 1212 discache - ok
14:16:54.0736 1212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:16:54.0736 1212 Disk - ok
14:16:54.0783 1212 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:16:54.0783 1212 Dot4 - ok
14:16:54.0846 1212 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
14:16:54.0846 1212 Dot4Print - ok
14:16:54.0861 1212 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:16:54.0861 1212 dot4usb - ok
14:16:54.0892 1212 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:16:54.0892 1212 drmkaud - ok
14:16:54.0939 1212 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:16:54.0955 1212 DXGKrnl - ok
14:16:55.0048 1212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:16:55.0111 1212 ebdrv - ok
14:16:55.0142 1212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:16:55.0158 1212 elxstor - ok
14:16:55.0189 1212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:16:55.0189 1212 ErrDev - ok
14:16:55.0204 1212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:16:55.0220 1212 exfat - ok
14:16:55.0236 1212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:16:55.0236 1212 fastfat - ok
14:16:55.0251 1212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:16:55.0251 1212 fdc - ok
14:16:55.0282 1212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:16:55.0282 1212 FileInfo - ok
14:16:55.0298 1212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:16:55.0298 1212 Filetrace - ok
14:16:55.0298 1212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:16:55.0298 1212 flpydisk - ok
14:16:55.0345 1212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:16:55.0345 1212 FltMgr - ok
14:16:55.0360 1212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:16:55.0360 1212 FsDepends - ok
14:16:55.0376 1212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:16:55.0376 1212 Fs_Rec - ok
14:16:55.0423 1212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:16:55.0423 1212 fvevol - ok
14:16:55.0438 1212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:16:55.0438 1212 gagp30kx - ok
14:16:55.0501 1212 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:16:55.0501 1212 GEARAspiWDM - ok
14:16:55.0563 1212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:16:55.0563 1212 hcw85cir - ok
14:16:55.0610 1212 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:16:55.0626 1212 HdAudAddService - ok
14:16:55.0641 1212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:16:55.0641 1212 HDAudBus - ok
14:16:55.0672 1212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:16:55.0672 1212 HidBatt - ok
14:16:55.0672 1212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:16:55.0672 1212 HidBth - ok
14:16:55.0688 1212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:16:55.0688 1212 HidIr - ok
14:16:55.0735 1212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:16:55.0735 1212 HidUsb - ok
14:16:55.0797 1212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:16:55.0797 1212 HpSAMD - ok
14:16:55.0844 1212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:16:55.0860 1212 HTTP - ok
14:16:55.0891 1212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:16:55.0891 1212 hwpolicy - ok
14:16:55.0938 1212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:16:55.0938 1212 i8042prt - ok
14:16:55.0953 1212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:16:55.0969 1212 iaStorV - ok
14:16:55.0984 1212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:16:55.0984 1212 iirsp - ok
14:16:56.0062 1212 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
14:16:56.0078 1212 IntcAzAudAddService - ok
14:16:56.0094 1212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:16:56.0094 1212 intelide - ok
14:16:56.0109 1212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:16:56.0125 1212 intelppm - ok
14:16:56.0140 1212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:16:56.0140 1212 IpFilterDriver - ok
14:16:56.0156 1212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:16:56.0172 1212 IPMIDRV - ok
14:16:56.0203 1212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:16:56.0203 1212 IPNAT - ok
14:16:56.0250 1212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:16:56.0250 1212 IRENUM - ok
14:16:56.0265 1212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:16:56.0265 1212 isapnp - ok
14:16:56.0296 1212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:16:56.0296 1212 iScsiPrt - ok
14:16:56.0312 1212 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
14:16:56.0312 1212 JSWPSLWF - ok
14:16:56.0343 1212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:16:56.0343 1212 kbdclass - ok
14:16:56.0374 1212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:16:56.0374 1212 kbdhid - ok
14:16:56.0406 1212 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:16:56.0421 1212 KSecDD - ok
14:16:56.0437 1212 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:16:56.0437 1212 KSecPkg - ok
14:16:56.0452 1212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:16:56.0452 1212 ksthunk - ok
14:16:56.0484 1212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:16:56.0499 1212 lltdio - ok
14:16:56.0546 1212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:16:56.0546 1212 LSI_FC - ok
14:16:56.0562 1212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:16:56.0562 1212 LSI_SAS - ok
14:16:56.0577 1212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:16:56.0577 1212 LSI_SAS2 - ok
14:16:56.0593 1212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:16:56.0593 1212 LSI_SCSI - ok
14:16:56.0640 1212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:16:56.0640 1212 luafv - ok
14:16:56.0702 1212 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
14:16:56.0718 1212 LVUSBS64 - ok
14:16:56.0733 1212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:16:56.0733 1212 megasas - ok
14:16:56.0749 1212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:16:56.0764 1212 MegaSR - ok
14:16:56.0764 1212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:16:56.0780 1212 Modem - ok
14:16:56.0796 1212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:16:56.0796 1212 monitor - ok
14:16:56.0827 1212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:16:56.0827 1212 mouclass - ok
14:16:56.0858 1212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:16:56.0874 1212 mouhid - ok
14:16:56.0905 1212 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:16:56.0905 1212 mountmgr - ok
14:16:56.0936 1212 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:16:56.0936 1212 mpio - ok
14:16:56.0952 1212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:16:56.0952 1212 mpsdrv - ok
14:16:56.0983 1212 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:16:56.0983 1212 MRxDAV - ok
14:16:57.0030 1212 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:16:57.0030 1212 mrxsmb - ok
14:16:57.0076 1212 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:16:57.0076 1212 mrxsmb10 - ok
14:16:57.0092 1212 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:16:57.0092 1212 mrxsmb20 - ok
14:16:57.0123 1212 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:16:57.0123 1212 msahci - ok
14:16:57.0139 1212 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:16:57.0139 1212 msdsm - ok
14:16:57.0170 1212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:16:57.0170 1212 Msfs - ok
14:16:57.0186 1212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:16:57.0186 1212 mshidkmdf - ok
14:16:57.0201 1212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:16:57.0201 1212 msisadrv - ok
14:16:57.0232 1212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:16:57.0232 1212 MSKSSRV - ok
14:16:57.0248 1212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:57.0248 1212 MSPCLOCK - ok
14:16:57.0248 1212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:16:57.0248 1212 MSPQM - ok
14:16:57.0295 1212 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:16:57.0295 1212 MsRPC - ok
14:16:57.0310 1212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:16:57.0310 1212 mssmbios - ok
14:16:57.0326 1212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:16:57.0326 1212 MSTEE - ok
14:16:57.0326 1212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:16:57.0326 1212 MTConfig - ok
14:16:57.0342 1212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:16:57.0342 1212 Mup - ok
14:16:57.0388 1212 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:16:57.0388 1212 mwlPSDFilter - ok
14:16:57.0404 1212 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:16:57.0404 1212 mwlPSDNServ - ok
14:16:57.0420 1212 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:16:57.0420 1212 mwlPSDVDisk - ok
14:16:57.0482 1212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:16:57.0482 1212 NativeWifiP - ok
14:16:57.0529 1212 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:16:57.0560 1212 NDIS - ok
14:16:57.0576 1212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:16:57.0576 1212 NdisCap - ok
14:16:57.0607 1212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:16:57.0607 1212 NdisTapi - ok
14:16:57.0638 1212 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:16:57.0638 1212 Ndisuio - ok
14:16:57.0669 1212 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:16:57.0685 1212 NdisWan - ok
14:16:57.0716 1212 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:16:57.0716 1212 NDProxy - ok
14:16:57.0747 1212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:16:57.0747 1212 NetBIOS - ok
14:16:57.0778 1212 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:16:57.0794 1212 NetBT - ok
14:16:57.0825 1212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:16:57.0841 1212 nfrd960 - ok
14:16:57.0872 1212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:16:57.0872 1212 Npfs - ok
14:16:57.0888 1212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:16:57.0903 1212 nsiproxy - ok
14:16:57.0950 1212 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:16:57.0997 1212 Ntfs - ok
14:16:58.0012 1212 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:16:58.0012 1212 Null - ok
14:16:58.0044 1212 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:16:58.0059 1212 nvraid - ok
14:16:58.0090 1212 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:16:58.0090 1212 nvstor - ok
14:16:58.0137 1212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:16:58.0137 1212 nv_agp - ok
14:16:58.0184 1212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:16:58.0184 1212 ohci1394 - ok
14:16:58.0231 1212 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:16:58.0231 1212 Parport - ok
14:16:58.0262 1212 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:16:58.0262 1212 partmgr - ok
14:16:58.0278 1212 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:16:58.0293 1212 pci - ok
14:16:58.0309 1212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:16:58.0309 1212 pciide - ok
14:16:58.0324 1212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:16:58.0324 1212 pcmcia - ok
14:16:58.0340 1212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:16:58.0340 1212 pcw - ok
14:16:58.0356 1212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:16:58.0371 1212 PEAUTH - ok
14:16:58.0480 1212 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
14:16:58.0512 1212 PID_PEPI - ok
14:16:58.0590 1212 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:16:58.0590 1212 PptpMiniport - ok
14:16:58.0605 1212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:16:58.0605 1212 Processor - ok
14:16:58.0652 1212 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:16:58.0652 1212 Psched - ok
14:16:58.0699 1212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:16:58.0730 1212 ql2300 - ok
14:16:58.0746 1212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:16:58.0746 1212 ql40xx - ok
14:16:58.0761 1212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:16:58.0761 1212 QWAVEdrv - ok
14:16:58.0761 1212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:16:58.0777 1212 RasAcd - ok
14:16:58.0792 1212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:16:58.0792 1212 RasAgileVpn - ok
14:16:58.0824 1212 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:16:58.0824 1212 Rasl2tp - ok
14:16:58.0855 1212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:16:58.0855 1212 RasPppoe - ok
14:16:58.0855 1212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:16:58.0870 1212 RasSstp - ok
14:16:58.0902 1212 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:16:58.0902 1212 rdbss - ok
14:16:58.0917 1212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:16:58.0917 1212 rdpbus - ok
14:16:58.0933 1212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:16:58.0933 1212 RDPCDD - ok
14:16:58.0964 1212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:16:58.0964 1212 RDPENCDD - ok
14:16:58.0980 1212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:16:58.0980 1212 RDPREFMP - ok
14:16:59.0011 1212 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:16:59.0011 1212 RDPWD - ok
14:16:59.0042 1212 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:16:59.0042 1212 rdyboost - ok
14:16:59.0104 1212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:16:59.0104 1212 rspndr - ok
14:16:59.0151 1212 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:16:59.0151 1212 RTL8167 - ok
14:16:59.0198 1212 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:16:59.0198 1212 sbp2port - ok
14:16:59.0229 1212 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:16:59.0229 1212 scfilter - ok
14:16:59.0276 1212 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
14:16:59.0276 1212 SCMNdisP - ok
14:16:59.0338 1212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:16:59.0338 1212 secdrv - ok
14:16:59.0385 1212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:16:59.0385 1212 Serenum - ok
14:16:59.0401 1212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:16:59.0416 1212 Serial - ok
14:16:59.0432 1212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:16:59.0432 1212 sermouse - ok
14:16:59.0479 1212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:16:59.0494 1212 sffdisk - ok
14:16:59.0510 1212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:16:59.0510 1212 sffp_mmc - ok
14:16:59.0526 1212 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:16:59.0526 1212 sffp_sd - ok
14:16:59.0526 1212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:16:59.0541 1212 sfloppy - ok
14:16:59.0541 1212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:16:59.0557 1212 SiSRaid2 - ok
14:16:59.0557 1212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:16:59.0557 1212 SiSRaid4 - ok
14:16:59.0572 1212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:16:59.0572 1212 Smb - ok
14:16:59.0604 1212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:16:59.0604 1212 spldr - ok
14:16:59.0635 1212 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:16:59.0650 1212 srv - ok
14:16:59.0682 1212 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:16:59.0682 1212 srv2 - ok
14:16:59.0697 1212 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:16:59.0697 1212 srvnet - ok
14:16:59.0744 1212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:16:59.0744 1212 stexstor - ok
14:17:01.0460 1212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:17:01.0507 1212 \Device\Harddisk0\DR0 - ok
14:17:01.0522 1212 Boot (0x1200) (772bd059a2456e5e6aaded5ff8861fb8) \Device\Harddisk0\DR0\Partition0
14:17:01.0522 1212 \Device\Harddisk0\DR0\Partition0 - ok
14:17:01.0538 1212 Boot (0x1200) (6a333f39bb86de8a0bb867841a821416) \Device\Harddisk0\DR0\Partition1
14:17:01.0538 1212 \Device\Harddisk0\DR0\Partition1 - ok
14:17:01.0538 1212 ============================================================
14:17:01.0538 1212 Scan finished
14:17:01.0538 1212 ============================================================
14:17:01.0554 5100 Detected object count: 0
14:17:01.0554 5100 Actual detected object count: 0

#5 gimmeanswers

Posted 04 March 2012 - 05:06 PM

Here's the ESET online scan log - 9 threats removed

C:\$Recycle.Bin\S-1-5-21-922330646-386067651-2020588429-1000\$R12PYN2.exe Win32/Adware.1ClickDownload application deleted - quarantined
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6uwpxjbs.default\extensions\{e02a74a2-ef0a-41e7-8d75-112061a2a7e4}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6uwpxjbs.default\extensions\{e02a74a2-ef0a-41e7-8d75-112061a2a7e4}\chrome\xulcache.jar JS/Agent.NDB trojan cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Local\Temp\ICReinstall\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-10eefa8c multiple threats deleted - quarantined
C:\Users\Jennifer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-5c1efd1e a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\anz0pbn9.default\extensions\{e02a74a2-ef0a-41e7-8d75-112061a2a7e4}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\anz0pbn9.default\extensions\{e02a74a2-ef0a-41e7-8d75-112061a2a7e4}\chrome\xulcache.jar JS/Agent.NDB trojan cleaned by deleting - quarantined
C:\Users\Jennifer\Documents\John W\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#6 boopme

Posted 04 March 2012 - 05:40 PM

Hello, if there are still issues, do these next:


Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

><><><><><><><><><
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

Edited by boopme, 04 March 2012 - 05:46 PM.
