System Check Virus ... Can't System Restore even in Safe Mode

Maddielee · February 23, 2012, 01:12:50 PM

Help. I am pretty much computer illiterate. Luckily, I was refered to this site from The Gardenweb Computer Site. Hopefully, I can find some guidance here.

Yesterday morning we woke up to a System Check Virus. All Programs and Icons seem to be gone. When rebooting, the screen quickly fills with MANY System Check windows.

When opening in Safe Mode to try a System Restore to an earlier date, the System Restore window opens but the machine doesn't Restore.

We have;

Dell
Windows XP
Home Edition
Version 2002
Service Pack 3
MacAfee

Any help would be appreciated. Thank you.

Maddielee

Corrine · February 23, 2012, 03:19:37 PM

Hi, Maddielee. Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. With this infection it is extremely important that you do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

(Topic at GW: http://ths.gardenweb.com/forums/load/comphelp/msg0215444018262.html?4)

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1. Please restart the computer in Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)

2. Please download rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

Double-click rkill to run.
A command window will open then disappear upon completion, this is normal.
Please leave rkill on the Desktop until otherwise advised.
Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

3. Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension.
Click the Start Scan button. Do not use the computer during the scan!
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

4. Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware
Click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, be sure Quick scan is selected, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

5. There are infections that will hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop: Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

This program will remove the +H, or hidden, attribute from all the files on your hard drives. It is important to note that if there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

6. Download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2

Double-Click dds.scr and a command window will appear. This is normal
Shortly after two logs will appear, DDS.txt & Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

5. Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Requested logs:

TDSSKiller
Malwarebytes
Both DDS.txt and Attach.txt
checkup.txt

Note: Due to the number of logs requested, it will be necessary to post your logs in more than one reply. Check after posting to see that the log(s) were not cut off by the forum software.

Maddielee · February 23, 2012, 04:04:47 PM

Thanks, I got as far as clicking on the CURE in TDSSKiller. I get a

Windows -No Disk message
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

With options to Cancel Try Again or Continue

I did Try Again, get the same Windows box.

Maddielee · February 23, 2012, 04:34:16 PM

for some reason, the Try Again finally worked???

log:

10:57:18.0593 3960   TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:57:19.0796 3960   ============================================================
10:57:19.0796 3960   Current date / time: 2012/02/23 10:57:19.0796
10:57:19.0796 3960   SystemInfo:
10:57:19.0796 3960
10:57:19.0796 3960   OS Version: 5.1.2600 ServicePack: 3.0
10:57:19.0796 3960   Product type: Workstation
10:57:19.0796 3960   ComputerName: CATHY
10:57:19.0796 3960   UserName: Administrator
10:57:19.0796 3960   Windows directory: C:\WINDOWS
10:57:19.0796 3960   System windows directory: C:\WINDOWS
10:57:19.0796 3960   Processor architecture: Intel x86
10:57:19.0796 3960   Number of processors: 2
10:57:19.0796 3960   Page size: 0x1000
10:57:19.0796 3960   Boot type: Safe boot with network
10:57:19.0796 3960   ============================================================
10:57:21.0671 3960   Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:57:21.0671 3960   \Device\Harddisk0\DR0:
10:57:21.0671 3960   MBR used
10:57:21.0671 3960   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x4406358
10:57:22.0046 3960   Initialize success
10:57:22.0046 3960   ============================================================
10:57:27.0703 4092   ============================================================
10:57:27.0703 4092   Scan started
10:57:27.0703 4092   Mode: Manual;
10:57:27.0703 4092   ============================================================
10:57:28.0921 4092   Abiosdsk - ok
10:57:29.0000 4092   abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:57:29.0000 4092   abp480n5 - ok
10:57:29.0125 4092   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:57:29.0125 4092   ACPI - ok
10:57:29.0218 4092   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:57:29.0218 4092   ACPIEC - ok
10:57:29.0343 4092   adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:57:29.0359 4092   adpu160m - ok
10:57:29.0500 4092   aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
10:57:29.0500 4092   aeaudio - ok
10:57:29.0671 4092   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:57:29.0671 4092   aec - ok
10:57:29.0765 4092   AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:57:29.0765 4092   AFD - ok
10:57:29.0859 4092   agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:57:29.0859 4092   agp440 - ok
10:57:30.0000 4092   agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:57:30.0000 4092   agpCPQ - ok
10:57:30.0046 4092   Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:57:30.0046 4092   Aha154x - ok
10:57:30.0171 4092   aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:57:30.0171 4092   aic78u2 - ok
10:57:30.0265 4092   aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:57:30.0265 4092   aic78xx - ok
10:57:30.0421 4092   AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:57:30.0421 4092   AliIde - ok
10:57:30.0515 4092   alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:57:30.0515 4092   alim1541 - ok
10:57:30.0687 4092   amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:57:30.0687 4092   amdagp - ok
10:57:30.0750 4092   amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:57:30.0750 4092   amsint - ok
10:57:30.0921 4092   asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:57:30.0921 4092   asc - ok
10:57:30.0984 4092   asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:57:31.0000 4092   asc3350p - ok
10:57:31.0109 4092   asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:57:31.0109 4092   asc3550 - ok
10:57:31.0234 4092   ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
10:57:31.0234 4092   ASCTRM - ok
10:57:31.0390 4092   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:57:31.0390 4092   AsyncMac - ok
10:57:31.0500 4092   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:57:31.0500 4092   atapi - ok
10:57:31.0640 4092   Atdisk - ok
10:57:31.0734 4092   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:57:31.0750 4092   Atmarpc - ok
10:57:31.0875 4092   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:57:31.0875 4092   audstub - ok
10:57:31.0953 4092   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:57:31.0968 4092   Beep - ok
10:57:32.0093 4092   cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:57:32.0093 4092   cbidf - ok
10:57:32.0171 4092   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:57:32.0171 4092   cbidf2k - ok
10:57:32.0296 4092   cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:57:32.0296 4092   cd20xrnt - ok
10:57:32.0437 4092   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:57:32.0437 4092   Cdaudio - ok
10:57:32.0500 4092   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:57:32.0500 4092   Cdfs - ok
10:57:32.0640 4092   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:57:32.0640 4092   Cdrom - ok
10:57:32.0734 4092   cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys
10:57:32.0734 4092   cfwids - ok
10:57:32.0812 4092   Changer - ok
10:57:32.0953 4092   CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:57:32.0953 4092   CmdIde - ok
10:57:33.0109 4092   Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:57:33.0109 4092   Cpqarray - ok
10:57:33.0203 4092   dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:57:33.0203 4092   dac2w2k - ok
10:57:33.0328 4092   dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:57:33.0328 4092   dac960nt - ok
10:57:33.0437 4092   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:57:33.0437 4092   Disk - ok
10:57:33.0593 4092   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:57:33.0625 4092   dmboot - ok
10:57:33.0750 4092   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:57:33.0765 4092   dmio - ok
10:57:33.0828 4092   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:57:33.0828 4092   dmload - ok
10:57:33.0984 4092   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:57:33.0984 4092   DMusic - ok
10:57:34.0078 4092   dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:57:34.0078 4092   dpti2o - ok
10:57:34.0218 4092   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:57:34.0218 4092   drmkaud - ok
10:57:34.0312 4092   drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:57:34.0312 4092   drvmcdb - ok
10:57:34.0421 4092   drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
10:57:34.0421 4092   drvnddm - ok
10:57:34.0609 4092   DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:57:34.0609 4092   DSproct - ok
10:57:34.0703 4092   dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
10:57:34.0703 4092   dsunidrv - ok
10:57:34.0843 4092   E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:57:34.0843 4092   E100B - ok
10:57:35.0000 4092   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:57:35.0000 4092   Fastfat - ok
10:57:35.0093 4092   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:57:35.0093 4092   Fdc - ok
10:57:35.0234 4092   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:57:35.0250 4092   Fips - ok
10:57:35.0328 4092   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:57:35.0343 4092   Flpydisk - ok
10:57:35.0421 4092   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:57:35.0437 4092   FltMgr - ok
10:57:35.0562 4092   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:57:35.0562 4092   Fs_Rec - ok
10:57:35.0765 4092   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:57:35.0765 4092   Ftdisk - ok
10:57:35.0843 4092   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:57:35.0859 4092   GEARAspiWDM - ok
10:57:35.0953 4092   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:57:35.0953 4092   Gpc - ok
10:57:36.0125 4092   HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:57:36.0125 4092   HidUsb - ok
10:57:36.0203 4092   hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:57:36.0203 4092   hpn - ok
10:57:36.0328 4092   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:57:36.0359 4092   HTTP - ok
10:57:36.0500 4092   i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:57:36.0500 4092   i2omgmt - ok
10:57:36.0656 4092   i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:57:36.0656 4092   i2omp - ok
10:57:36.0734 4092   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:57:36.0734 4092   i8042prt - ok
10:57:36.0859 4092   ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:57:36.0890 4092   ialm - ok
10:57:37.0062 4092   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:57:37.0062 4092   Imapi - ok
10:57:37.0187 4092   ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:57:37.0187 4092   ini910u - ok
10:57:37.0296 4092   IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:57:37.0296 4092   IntelIde - ok
10:57:37.0390 4092   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:57:37.0390 4092   intelppm - ok
10:57:37.0500 4092   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:57:37.0500 4092   Ip6Fw - ok
10:57:37.0625 4092   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:57:37.0640 4092   IpFilterDriver - ok
10:57:37.0781 4092   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:57:37.0781 4092   IpInIp - ok
10:57:37.0859 4092   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:57:37.0859 4092   IpNat - ok
10:57:38.0000 4092   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:57:38.0000 4092   IPSec - ok
10:57:38.0093 4092   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:57:38.0093 4092   IRENUM - ok
10:57:38.0203 4092   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:57:38.0218 4092   isapnp - ok
10:57:38.0296 4092   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:57:38.0312 4092   Kbdclass - ok
10:57:38.0406 4092   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:57:38.0421 4092   kmixer - ok
10:57:38.0515 4092   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:57:38.0515 4092   KSecDD - ok
10:57:38.0640 4092   L8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
10:57:38.0640 4092   L8042pr2 - ok
10:57:38.0718 4092   lbrtfdc - ok
10:57:38.0875 4092   LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
10:57:38.0875 4092   LMouFlt2 - ok
10:57:39.0140 4092   mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys
10:57:39.0156 4092   mfeapfk - ok
10:57:39.0234 4092   mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys
10:57:39.0250 4092   mfeavfk - ok
10:57:39.0375 4092   mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys
10:57:39.0375 4092   mfebopk - ok
10:57:39.0500 4092   mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys
10:57:39.0500 4092   mfefirek - ok
10:57:39.0625 4092   mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys
10:57:39.0656 4092   mfehidk - ok
10:57:39.0781 4092   mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:57:39.0781 4092   mfendisk - ok
10:57:39.0796 4092   mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:57:39.0796 4092   mfendiskmp - ok
10:57:39.0875 4092   mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys
10:57:39.0890 4092   mferkdet - ok
10:57:39.0984 4092   mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
10:57:39.0984 4092   mferkdk - ok
10:57:40.0093 4092   mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
10:57:40.0093 4092   mfesmfk - ok
10:57:40.0171 4092   mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys
10:57:40.0171 4092   mfetdi2k - ok
10:57:40.0296 4092   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:57:40.0296 4092   mnmdd - ok
10:57:40.0390 4092   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:57:40.0390 4092   Modem - ok
10:57:40.0515 4092   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:57:40.0515 4092   Mouclass - ok
10:57:40.0640 4092   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:57:40.0656 4092   MountMgr - ok
10:57:40.0765 4092   mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:57:40.0765 4092   mraid35x - ok
10:57:40.0859 4092   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:57:40.0875 4092   MRxDAV - ok
10:57:41.0000 4092   MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:57:41.0015 4092   MRxSmb - ok
10:57:41.0156 4092   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:57:41.0156 4092   Msfs - ok
10:57:41.0281 4092   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:57:41.0281 4092   MSKSSRV - ok
10:57:41.0390 4092   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:57:41.0390 4092   MSPCLOCK - ok
10:57:41.0484 4092   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:57:41.0484 4092   MSPQM - ok
10:57:41.0671 4092   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:57:41.0671 4092   mssmbios - ok
10:57:41.0750 4092   Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:57:41.0750 4092   Mup - ok
10:57:41.0906 4092   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:57:41.0906 4092   NDIS - ok
10:57:41.0984 4092   ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
10:57:41.0984 4092   ndisrd - ok
10:57:42.0093 4092   NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:57:42.0093 4092   NdisTapi - ok
10:57:42.0171 4092   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:57:42.0171 4092   Ndisuio - ok
10:57:42.0250 4092   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:57:42.0265 4092   NdisWan - ok
10:57:42.0343 4092   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:57:42.0343 4092   NDProxy - ok
10:57:42.0453 4092   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:57:42.0453 4092   NetBIOS - ok
10:57:42.0562 4092   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:57:42.0562 4092   NetBT - ok
10:57:42.0765 4092   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:57:42.0781 4092   Npfs - ok
10:57:42.0875 4092   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:57:42.0906 4092   Ntfs - ok
10:57:43.0046 4092   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:57:43.0046 4092   Null - ok
10:57:43.0171 4092   nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:57:43.0234 4092   nv - ok
10:57:43.0359 4092   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:57:43.0359 4092   NwlnkFlt - ok
10:57:43.0453 4092   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:57:43.0453 4092   NwlnkFwd - ok
10:57:43.0640 4092   omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
10:57:43.0640 4092   omci - ok
10:57:43.0734 4092   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:57:43.0734 4092   Parport - ok
10:57:43.0843 4092   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:57:43.0843 4092   PartMgr - ok
10:57:43.0937 4092   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:57:43.0937 4092   ParVdm - ok
10:57:44.0046 4092   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:57:44.0046 4092   PCI - ok
10:57:44.0093 4092   PCIDump - ok
10:57:44.0218 4092   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:57:44.0234 4092   PCIIde - ok
10:57:44.0359 4092   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:57:44.0359 4092   Pcmcia - ok
10:57:44.0437 4092   PDCOMP - ok
10:57:44.0546 4092   PDFRAME - ok
10:57:44.0656 4092   PDRELI - ok
10:57:44.0703 4092   PDRFRAME - ok
10:57:44.0796 4092   perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:57:44.0812 4092   perc2 - ok
10:57:44.0937 4092   perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:57:44.0937 4092   perc2hib - ok
10:57:45.0140 4092   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:57:45.0140 4092   PptpMiniport - ok
10:57:45.0187 4092   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:57:45.0203 4092   PSched - ok
10:57:45.0312 4092   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:57:45.0312 4092   Ptilink - ok
10:57:45.0375 4092   PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:57:45.0375 4092   PxHelp20 - ok
10:57:45.0500 4092   ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:57:45.0500 4092   ql1080 - ok
10:57:45.0703 4092   Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:57:45.0703 4092   Ql10wnt - ok
10:57:45.0765 4092   ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:57:45.0781 4092   ql12160 - ok
10:57:45.0921 4092   ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:57:45.0921 4092   ql1240 - ok
10:57:45.0984 4092   ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:57:45.0984 4092   ql1280 - ok
10:57:46.0078 4092   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:57:46.0078 4092   RasAcd - ok
10:57:46.0187 4092   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:57:46.0187 4092   Rasl2tp - ok
10:57:46.0296 4092   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:57:46.0312 4092   RasPppoe - ok
10:57:46.0390 4092   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:57:46.0390 4092   Raspti - ok
10:57:46.0500 4092   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:57:46.0500 4092   Rdbss - ok
10:57:46.0562 4092   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:57:46.0578 4092   RDPCDD - ok
10:57:46.0687 4092   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:57:46.0703 4092   rdpdr - ok
10:57:46.0796 4092   RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:57:46.0812 4092   RDPWD - ok
10:57:46.0937 4092   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:57:46.0937 4092   redbook - ok
10:57:47.0171 4092   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:57:47.0171 4092   Secdrv - ok
10:57:47.0265 4092   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:57:47.0265 4092   serenum - ok
10:57:47.0421 4092   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:57:47.0421 4092   Serial - ok
10:57:47.0593 4092   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:57:47.0593 4092   Sfloppy - ok
10:57:47.0671 4092   Simbad - ok
10:57:47.0765 4092   sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:57:47.0765 4092   sisagp - ok
10:57:47.0937 4092   smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
10:57:47.0953 4092   smwdm - ok
10:57:48.0078 4092   SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:57:48.0078 4092   SONYPVU1 - ok
10:57:48.0156 4092   Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:57:48.0156 4092   Sparrow - ok
10:57:48.0281 4092   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:57:48.0281 4092   splitter - ok
10:57:48.0359 4092   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:57:48.0359 4092   sr - ok
10:57:48.0500 4092   Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:57:48.0515 4092   Srv - ok
10:57:48.0640 4092   sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:57:48.0640 4092   sscdbhk5 - ok
10:57:48.0718 4092   ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
10:57:48.0718 4092   ssrtln - ok
10:57:48.0859 4092   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:57:48.0859 4092   swenum - ok
10:57:48.0906 4092   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:57:48.0906 4092   swmidi - ok
10:57:49.0078 4092   symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:57:49.0078 4092   symc810 - ok
10:57:49.0125 4092   symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:57:49.0125 4092   symc8xx - ok
10:57:49.0250 4092   sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:57:49.0265 4092   sym_hi - ok
10:57:49.0328 4092   sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:57:49.0328 4092   sym_u3 - ok
10:57:49.0421 4092   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:57:49.0437 4092   sysaudio - ok
10:57:49.0546 4092   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:57:49.0562 4092   Tcpip - ok
10:57:49.0703 4092   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:57:49.0718 4092   TDPIPE - ok
10:57:49.0765 4092   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:57:49.0781 4092   TDTCP - ok
10:57:49.0921 4092   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:57:49.0921 4092   TermDD - ok
10:57:49.0984 4092   tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
10:57:49.0984 4092   tfsnboio - ok
10:57:50.0093 4092   tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
10:57:50.0093 4092   tfsncofs - ok
10:57:50.0156 4092   tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
10:57:50.0156 4092   tfsndrct - ok
10:57:50.0234 4092   tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
10:57:50.0234 4092   tfsndres - ok
10:57:50.0312 4092   tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
10:57:50.0312 4092   tfsnifs - ok
10:57:50.0390 4092   tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
10:57:50.0390 4092   tfsnopio - ok
10:57:50.0468 4092   tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
10:57:50.0468 4092   tfsnpool - ok
10:57:50.0546 4092   tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
10:57:50.0562 4092   tfsnudf - ok
10:57:50.0625 4092   tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
10:57:50.0625 4092   tfsnudfa - ok
10:57:50.0750 4092   TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:57:50.0750 4092   TosIde - ok
10:57:50.0875 4092   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:57:50.0875 4092   Udfs - ok
10:57:50.0984 4092   ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:57:50.0984 4092   ultra - ok
10:57:51.0078 4092   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:57:51.0109 4092   Update - ok
10:57:51.0281 4092   USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:57:51.0281 4092   USBAAPL - ok
10:57:51.0375 4092   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:57:51.0375 4092   usbccgp - ok
10:57:51.0500 4092   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:57:51.0500 4092   usbehci - ok
10:57:51.0593 4092   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:57:51.0593 4092   usbhub - ok
10:57:51.0687 4092   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:57:51.0687 4092   usbprint - ok
10:57:51.0734 4092   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:57:51.0734 4092   usbscan - ok
10:57:51.0859 4092   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:57:51.0859 4092   USBSTOR - ok
10:57:51.0984 4092   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:57:51.0984 4092   usbuhci - ok
10:57:52.0031 4092   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:57:52.0031 4092   VgaSave - ok
10:57:52.0125 4092   viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:57:52.0125 4092   viaagp - ok
10:57:52.0234 4092   ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:57:52.0234 4092   ViaIde - ok
10:57:52.0328 4092   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:57:52.0328 4092   VolSnap - ok
10:57:52.0468 4092   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:57:52.0468 4092   Wanarp - ok
10:57:52.0546 4092   wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
10:57:52.0546 4092   wanatw - ok
10:57:52.0640 4092   WDICA - ok
10:57:52.0734 4092   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:57:52.0734 4092   wdmaud - ok
10:57:53.0046 4092   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:57:53.0046 4092   WudfPf - ok
10:57:53.0125 4092   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:57:53.0125 4092   WudfRd - ok
10:57:53.0203 4092   MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
10:57:53.0234 4092   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
10:57:53.0234 4092   \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
10:57:53.0265 4092   Boot (0x1200) (9d71c6d16701d347ef680ac0761ab9cf) \Device\Harddisk0\DR0\Partition0
10:57:53.0265 4092   \Device\Harddisk0\DR0\Partition0 - ok
10:57:53.0265 4092   ============================================================
10:57:53.0265 4092   Scan finished
10:57:53.0265 4092   ============================================================
10:57:53.0328 4084   Detected object count: 1
10:57:53.0328 4084   Actual detected object count: 1
10:58:23.0734 4084   \Device\Harddisk0\DR0\# - copied to quarantine
10:58:23.0734 4084   \Device\Harddisk0\DR0 - copied to quarantine
10:58:23.0765 4084   \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:58:23.0796 4084   \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
10:58:23.0796 4084   \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
10:58:23.0796 4084   \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
10:58:23.0812 4084   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
10:58:23.0812 4084   \Device\Harddisk0\DR0 - ok
11:27:19.0062 4084   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
11:28:24.0703 3956   Deinitialize success

Maddielee · February 23, 2012, 04:47:53 PM

I try to download Malwarebytes' Anti-Malware and was taken to 'Bleeping Computer' site. Do I pay them the $25.00 for the Download?

winchester73 · February 23, 2012, 06:10:29 PM

No, that fee is for the Pro version. Click on the green Download Now button, not the Buy Now one.

Maddielee · February 23, 2012, 06:20:08 PM

Sorry for being so stupid, but I click on the Free Download and am taken to Bleeping Computer....where the only option I see is to buy it???

I don't mind paying for something that will work, but I don't know if Bleeping Computer is a scam or not?

MikeW · February 23, 2012, 06:42:06 PM

Maddielee

Try this link

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Maddielee · February 23, 2012, 06:52:57 PM

Thanks.

But during the Install, a pop-up came up saying "Access Denied". When I clicked on 'OK", it told me to correct the problem (or something like that).

winchester73 · February 23, 2012, 07:00:48 PM

Hmmmm, that link doesn't take me to Bleeping Computer ...

Please try this link then ... http://www.malwarebytes.org/products/malwarebytes_free

Did your computer reboot after you ran TDSSKiller?

Maddielee · February 23, 2012, 07:09:33 PM

http://www.malwarebytes.org/products/malwarebytes_free

also took me to Bleeping Computer.

And the one (http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1) MikeW posted took me to "Registry Booster" . But I think I downloaded the correct program.

Maddielee · February 23, 2012, 07:10:55 PM

and Yes I rebooted after running tdsskiller.

Maddielee · February 23, 2012, 07:14:03 PM

what I meant to write was that those links take me to what looks like the Malwarebytes site, but when I clicked on the Download Now button, I redirected to Bleeping Computer and Registry Booster sites.

Corrine · February 23, 2012, 07:32:25 PM

Hi, Maddielee.

What you are seeing are advertisements, not downloads for Registry Booster. The free version of MBAM is redirected to several random download sites. (By hosting the download at those sites, vendors receive a small fee per download from those sites, which helps support providing the free version of their software.)

This direct link from FileForum should work: http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Maddielee · February 23, 2012, 07:38:47 PM

I get a Acess Denied box (Setup) during the Malaware bytes Install.