Fake adobe flash player installer and redirect virus


  • This topic is locked
67 replies to this topic

#1 Kyle88

Kyle88

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:12 PM

Posted 26 March 2012 - 06:48 AM

Hello I am new to the forums, so I apologise if I leave out any important info you may need to help me. Please bear with me.

One night ago I started getting this fake Adobe Flash Player installer pop-up on my PC. I know it's fake because it is persistent (every 10 minutes it pops up), it doesn't look right, and it wants to install a version I already have. I tried going online to look up help, but web results with Google get redirected to seemingly random and odd websites. I am posting this topic via my netbook, which is clean.

On my PC I can go to bookmark links and exact addresses typed in the address bar, but all web results I click on are redirected. I also get random browser tabs opening up to random websites. I use Firefox, btw.

I went into safe mode and ran Malwarebytes (free version). It detected 7 rootkits and prompted me to restart in order to remove them, but the same rootkits keep getting detected with every Malwarebytes scan. It can't seem to remove them or keep them removed. Microsoft Security Essentials didn't seem to properly work in safe mode (its real-time protection was turned off). In normal mode it seems to be fighting the virus but not getting rid of it. For example, it keeps detecting the same "trojan" and removing it, but it doesn't stay removed. The fake Adobe pop-ups still happen and so do the Google redirects. However, my computer functions fine other than that. I can still play my games and run applications, but my apps and games do get windowed every time the fake Adobe pop-ups happen.

Any help with this will be greatly appreciated.

Note: Malwarebytes is working and up to date. MSE is working and up to date. I have hijackthis available for use.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 26 March 2012 - 01:24 PM

Hello, we need to see a couple of things.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log, including the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 Kyle88

Kyle88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:12 PM

Posted 27 March 2012 - 02:09 AM

Hello, thank you for your swift response.

I am on a router, but none of the other computers were experiencing any problems. No pop-ups and no redirecting.

I use Firefox as my browser.

I did all three steps in the order you presented. TDSSKiller DID need to reboot after it found some threats. Malwarebytes found no threats after the quick scan. No more fake adobe pop-ups are happening, and my browser is no longer redirecting. The virus seems to be gone. Thank you very much for your help. If you think it's still worth checking the logs, I pasted them below in the order of: Minitoolbox then TDSSKiller then Malwarebytes.

MiniToolBox log below:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Kyle (administrator) on 26-03-2012 at 22:03:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Linksys Wireless-G PCI Adapter = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : kyle-66db7ee3fe

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : sd.cox.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : sd.cox.net

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-24-1D-22-D4-7D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 204.194.232.200

204.194.234.200

68.105.28.12

Lease Obtained. . . . . . . . . . : Monday, March 26, 2012 9:56:39 PM

Lease Expires . . . . . . . . . . : Tuesday, March 27, 2012 9:56:39 PM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter

Physical Address. . . . . . . . . : 00-16-B6-A1-08-85



Pinging google.com [74.125.239.8] with 32 bytes of data:



Reply from 74.125.239.8: bytes=32 time=31ms TTL=56

Reply from 74.125.239.8: bytes=32 time=36ms TTL=56



Ping statistics for 74.125.239.8:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 36ms, Average = 33ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=71ms TTL=54

Reply from 209.191.122.70: bytes=32 time=68ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 68ms, Maximum = 71ms, Average = 69ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=-10ms TTL=128

Reply from 127.0.0.1: bytes=32 time=-10ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = -10ms, Maximum = -10ms, Average = 2147483638ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 24 1d 22 d4 7d ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x20002 ...00 16 b6 a1 08 85 ...... Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.102 20002 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/26/2012 07:30:41 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/26/2012 07:25:40 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/26/2012 05:48:55 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:47:14 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:47:09 PM) (Source: Application Error) (User: )
Description: Faulting application virtualfem.exe, version 3.0.0.7, faulting module msvbvm60.dll, version 6.0.98.2, fault address 0x00063f5a.
Processing media-specific event for [virtualfem.exe!ws!]

Error: (03/26/2012 05:46:07 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:45:41 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:45:29 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:45:17 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.

Error: (03/26/2012 05:45:06 PM) (Source: MsiInstaller) (User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.


System errors:
=============
Error: (03/26/2012 04:18:07 PM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (03/26/2012 04:17:57 PM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (03/25/2012 07:22:49 PM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (03/25/2012 07:21:14 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (03/25/2012 07:21:08 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/25/2012 07:21:08 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/25/2012 07:20:10 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/25/2012 05:10:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.329.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/25/2012 05:10:53 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/25/2012 05:10:53 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (03/26/2012 07:30:41 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (03/26/2012 07:25:40 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (03/26/2012 05:48:55 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:47:14 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:47:09 PM) (Source: Application Error)(User: )
Description: virtualfem.exe3.0.0.7msvbvm60.dll6.0.98.200063f5a

Error: (03/26/2012 05:46:07 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:45:41 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:45:29 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:45:17 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (03/26/2012 05:45:06 PM) (Source: MsiInstaller)(User: Kyle)Kyle
Description: Product: VirtualFem -- Error 1706. No valid source could be found for product VirtualFem. The Windows installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Reader X (10.1.2) (Version: 10.1.2)
AIM 7
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Astrophysics Art
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
Bonjour (Version: 3.0.0.10)
Download Updater (AOL LLC)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
ESPNMotion (Version: 2.1.6.0011)
GemMaster Mystic
GIMP 2.6.11 (Version: 2.6.11)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Linksys Wireless-G PCI Adapter
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OpenOffice.org 3.3 (Version: 3.3.9567)
Otto
QuickTime (Version: 7.71.80.42)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6449)
Skype™ 5.5 (Version: 5.5.124)
Star Wars: The Old Republic (Version: 1.00)
thriXXX 3DSexVilla2-123.001
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VirtualFem (Version: 2.0.0.0)
VLC media player 1.1.11 (Version: 1.1.11)
WD SmartWare (Version: 1.2.0.20)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3326.42 MB
Available physical RAM: 2450.58 MB
Total Pagefile: 5210.59 MB
Available Pagefile: 4463.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.68 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:186.3 GB) (Free:60.98 GB) NTFS

========================= Users: ========================================

User accounts for \\KYLE-66DB7EE3FE

Administrator ASPNET Guest
HelpAssistant Kyle SUPPORT_388945a0
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

TDSSKiller log:
22:09:27.0734 0664 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:09:28.0343 0664 ============================================================
22:09:28.0343 0664 Current date / time: 2012/03/26 22:09:28.0343
22:09:28.0343 0664 SystemInfo:
22:09:28.0343 0664
22:09:28.0343 0664 OS Version: 5.1.2600 ServicePack: 3.0
22:09:28.0343 0664 Product type: Workstation
22:09:28.0343 0664 ComputerName: KYLE-66DB7EE3FE
22:09:28.0343 0664 UserName: Kyle
22:09:28.0343 0664 Windows directory: C:\WINDOWS
22:09:28.0343 0664 System windows directory: C:\WINDOWS
22:09:28.0343 0664 Processor architecture: Intel x86
22:09:28.0343 0664 Number of processors: 2
22:09:28.0343 0664 Page size: 0x1000
22:09:28.0343 0664 Boot type: Normal boot
22:09:28.0343 0664 ============================================================
22:09:31.0593 0664 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:09:31.0765 0664 \Device\Harddisk0\DR0:
22:09:31.0921 0664 MBR used
22:09:31.0921 0664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
22:09:32.0531 0664 Initialize success
22:09:32.0531 0664 ============================================================
22:11:27.0578 3008 ============================================================
22:11:27.0578 3008 Scan started
22:11:27.0578 3008 Mode: Manual; TDLFS;
22:11:27.0578 3008 ============================================================
22:11:29.0781 3008 Abiosdsk - ok
22:11:29.0812 3008 abp480n5 - ok
22:11:29.0875 3008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:11:29.0875 3008 ACPI - ok
22:11:29.0906 3008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:11:29.0906 3008 ACPIEC - ok
22:11:29.0953 3008 adpu160m - ok
22:11:30.0000 3008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:11:30.0000 3008 aec - ok
22:11:30.0062 3008 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:11:30.0062 3008 AegisP - ok
22:11:30.0125 3008 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:11:30.0125 3008 AFD - ok
22:11:30.0140 3008 Aha154x - ok
22:11:30.0156 3008 aic78u2 - ok
22:11:30.0171 3008 aic78xx - ok
22:11:30.0218 3008 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:11:30.0218 3008 Alerter - ok
22:11:30.0250 3008 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:11:30.0250 3008 ALG - ok
22:11:30.0281 3008 AliIde - ok
22:11:30.0390 3008 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:11:30.0437 3008 Ambfilt - ok
22:11:30.0531 3008 amsint - ok
22:11:30.0640 3008 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:11:30.0640 3008 Apple Mobile Device - ok
22:11:30.0750 3008 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:11:30.0750 3008 AppMgmt - ok
22:11:30.0890 3008 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:11:30.0906 3008 Arp1394 - ok
22:11:30.0906 3008 asc - ok
22:11:30.0937 3008 asc3350p - ok
22:11:30.0953 3008 asc3550 - ok
22:11:31.0078 3008 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:11:31.0109 3008 aspnet_state - ok
22:11:31.0203 3008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:11:31.0203 3008 AsyncMac - ok
22:11:31.0296 3008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:11:31.0296 3008 atapi - ok
22:11:31.0312 3008 Atdisk - ok
22:11:31.0390 3008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:11:31.0390 3008 Atmarpc - ok
22:11:31.0500 3008 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:11:31.0500 3008 AudioSrv - ok
22:11:31.0546 3008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:11:31.0546 3008 audstub - ok
22:11:31.0593 3008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:11:31.0593 3008 Beep - ok
22:11:31.0656 3008 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:11:31.0703 3008 BITS - ok
22:11:31.0828 3008 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:11:31.0828 3008 Bonjour Service - ok
22:11:31.0968 3008 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:11:31.0968 3008 Browser - ok
22:11:32.0046 3008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:11:32.0046 3008 cbidf2k - ok
22:11:32.0062 3008 cd20xrnt - ok
22:11:32.0109 3008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:11:32.0109 3008 Cdaudio - ok
22:11:32.0156 3008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:11:32.0156 3008 Cdfs - ok
22:11:32.0187 3008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:11:32.0187 3008 Cdrom - ok
22:11:32.0203 3008 Changer - ok
22:11:32.0234 3008 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:11:32.0250 3008 CiSvc - ok
22:11:32.0343 3008 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:11:32.0343 3008 ClipSrv - ok
22:11:32.0453 3008 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:11:32.0500 3008 clr_optimization_v2.0.50727_32 - ok
22:11:32.0546 3008 CmdIde - ok
22:11:32.0578 3008 COMSysApp - ok
22:11:32.0593 3008 Cpqarray - ok
22:11:32.0671 3008 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:11:32.0671 3008 CryptSvc - ok
22:11:32.0734 3008 dac2w2k - ok
22:11:32.0765 3008 dac960nt - ok
22:11:32.0859 3008 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:11:32.0875 3008 DcomLaunch - ok
22:11:33.0062 3008 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:11:33.0062 3008 Dhcp - ok
22:11:33.0156 3008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:11:33.0156 3008 Disk - ok
22:11:33.0171 3008 dmadmin - ok
22:11:33.0328 3008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:11:33.0421 3008 dmboot - ok
22:11:33.0546 3008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:11:33.0562 3008 dmio - ok
22:11:33.0609 3008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:11:33.0609 3008 dmload - ok
22:11:33.0656 3008 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:11:33.0671 3008 dmserver - ok
22:11:33.0734 3008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:11:33.0734 3008 DMusic - ok
22:11:33.0781 3008 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:11:33.0781 3008 Dnscache - ok
22:11:33.0828 3008 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:11:33.0828 3008 Dot3svc - ok
22:11:33.0859 3008 dpti2o - ok
22:11:33.0906 3008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:11:33.0906 3008 drmkaud - ok
22:11:34.0015 3008 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:11:34.0015 3008 EapHost - ok
22:11:34.0093 3008 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
22:11:34.0093 3008 ehRecvr - ok
22:11:34.0140 3008 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
22:11:34.0140 3008 ehSched - ok
22:11:34.0250 3008 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:11:34.0250 3008 ERSvc - ok
22:11:34.0390 3008 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:11:34.0390 3008 Eventlog - ok
22:11:34.0453 3008 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:11:34.0468 3008 EventSystem - ok
22:11:34.0593 3008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:11:34.0593 3008 Fastfat - ok
22:11:34.0656 3008 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:11:34.0656 3008 FastUserSwitchingCompatibility - ok
22:11:34.0703 3008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:11:34.0703 3008 Fdc - ok
22:11:34.0718 3008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:11:34.0718 3008 Fips - ok
22:11:34.0750 3008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:11:34.0750 3008 Flpydisk - ok
22:11:34.0796 3008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:11:34.0796 3008 FltMgr - ok
22:11:34.0890 3008 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:11:34.0890 3008 FontCache3.0.0.0 - ok
22:11:34.0984 3008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:11:34.0984 3008 Fs_Rec - ok
22:11:35.0046 3008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:11:35.0046 3008 Ftdisk - ok
22:11:35.0093 3008 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:11:35.0093 3008 GEARAspiWDM - ok
22:11:35.0156 3008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:11:35.0156 3008 Gpc - ok
22:11:35.0218 3008 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
22:11:35.0218 3008 GTNDIS5 - ok
22:11:35.0296 3008 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:11:35.0312 3008 HDAudBus - ok
22:11:35.0390 3008 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:11:35.0390 3008 helpsvc - ok
22:11:35.0453 3008 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:11:35.0468 3008 HidServ - ok
22:11:35.0531 3008 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:11:35.0531 3008 HidUsb - ok
22:11:35.0578 3008 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:11:35.0578 3008 hkmsvc - ok
22:11:35.0609 3008 hpn - ok
22:11:35.0656 3008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:11:35.0671 3008 HTTP - ok
22:11:35.0765 3008 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:11:35.0781 3008 HTTPFilter - ok
22:11:35.0812 3008 i2omgmt - ok
22:11:35.0828 3008 i2omp - ok
22:11:35.0859 3008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:11:35.0859 3008 i8042prt - ok
22:11:36.0031 3008 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:11:36.0046 3008 idsvc - ok
22:11:36.0187 3008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:11:36.0187 3008 Imapi - ok
22:11:36.0265 3008 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:11:36.0265 3008 ImapiService - ok
22:11:36.0468 3008 ini910u - ok
22:11:36.0718 3008 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:11:36.0890 3008 IntcAzAudAddService - ok
22:11:37.0000 3008 IntelIde - ok
22:11:37.0062 3008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:11:37.0062 3008 Ip6Fw - ok
22:11:37.0140 3008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:11:37.0140 3008 IpFilterDriver - ok
22:11:37.0203 3008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:11:37.0203 3008 IpInIp - ok
22:11:37.0296 3008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:11:37.0296 3008 IpNat - ok
22:11:37.0406 3008 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:11:37.0437 3008 iPod Service - ok
22:11:37.0718 3008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:11:37.0718 3008 IPSec - ok
22:11:38.0046 3008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:11:38.0046 3008 IRENUM - ok
22:11:38.0171 3008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:11:38.0171 3008 isapnp - ok
22:11:38.0296 3008 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
22:11:38.0296 3008 JavaQuickStarterService - ok
22:11:38.0406 3008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:11:38.0406 3008 Kbdclass - ok
22:11:38.0453 3008 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:11:38.0453 3008 kbdhid - ok
22:11:38.0531 3008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:11:38.0546 3008 kmixer - ok
22:11:38.0656 3008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:11:38.0656 3008 KSecDD - ok
22:11:38.0765 3008 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:11:38.0781 3008 lanmanserver - ok
22:11:38.0890 3008 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:11:38.0890 3008 lanmanworkstation - ok
22:11:39.0000 3008 lbrtfdc - ok
22:11:39.0062 3008 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:11:39.0062 3008 LmHosts - ok
22:11:39.0140 3008 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:11:39.0156 3008 McrdSvc - ok
22:11:39.0234 3008 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:11:39.0234 3008 Messenger - ok
22:11:39.0343 3008 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
22:11:39.0343 3008 MHN - ok
22:11:39.0453 3008 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:11:39.0468 3008 MHNDRV - ok
22:11:39.0609 3008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:11:39.0609 3008 mnmdd - ok
22:11:39.0703 3008 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:11:39.0703 3008 mnmsrvc - ok
22:11:40.0109 3008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:11:40.0109 3008 Modem - ok
22:11:40.0281 3008 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:11:40.0312 3008 Monfilt - ok
22:11:40.0453 3008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:11:40.0453 3008 Mouclass - ok
22:11:40.0546 3008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:11:40.0546 3008 mouhid - ok
22:11:40.0671 3008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:11:40.0687 3008 MountMgr - ok
22:11:40.0984 3008 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:11:40.0984 3008 MpFilter - ok
22:11:41.0125 3008 MpKsl7cbf4daa (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D4FF10B-FDE5-4146-86A4-952492DBA4D9}\MpKsl7cbf4daa.sys
22:11:41.0125 3008 MpKsl7cbf4daa - ok
22:11:41.0234 3008 mraid35x - ok
22:11:41.0296 3008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:11:41.0296 3008 MRxDAV - ok
22:11:41.0437 3008 MRxSmb (dbf9d1b1d07bd1359e35d9eddffe8897) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:11:41.0453 3008 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: dbf9d1b1d07bd1359e35d9eddffe8897, Fake md5: a1e63554dffb4fedce8e3d3d6e1b152d
22:11:41.0468 3008 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
22:11:41.0468 3008 MRxSmb - detected Virus.Win32.ZAccess.k (0)
22:11:41.0562 3008 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:11:41.0562 3008 MSDTC - ok
22:11:41.0703 3008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:11:41.0703 3008 Msfs - ok
22:11:41.0953 3008 MSIServer - ok
22:11:42.0125 3008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:11:42.0125 3008 MSKSSRV - ok
22:11:42.0234 3008 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:11:42.0234 3008 MsMpSvc - ok
22:11:42.0375 3008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:11:42.0375 3008 MSPCLOCK - ok
22:11:42.0421 3008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:11:42.0437 3008 MSPQM - ok
22:11:42.0500 3008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:11:42.0500 3008 mssmbios - ok
22:11:42.0562 3008 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:11:42.0562 3008 Mup - ok
22:11:42.0703 3008 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:11:42.0734 3008 napagent - ok
22:11:43.0015 3008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:11:43.0015 3008 NDIS - ok
22:11:43.0234 3008 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:11:43.0234 3008 NdisTapi - ok
22:11:43.0343 3008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:11:43.0343 3008 Ndisuio - ok
22:11:43.0421 3008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:11:43.0421 3008 NdisWan - ok
22:11:43.0484 3008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:11:43.0484 3008 NDProxy - ok
22:11:43.0500 3008 NecUsb3 - ok
22:11:43.0562 3008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:11:43.0562 3008 NetBIOS - ok
22:11:43.0625 3008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:11:43.0625 3008 NetBT - ok
22:11:43.0687 3008 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:11:43.0703 3008 NetDDE - ok
22:11:43.0843 3008 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:11:43.0859 3008 NetDDEdsdm - ok
22:11:44.0234 3008 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:11:44.0234 3008 Netlogon - ok
22:11:44.0343 3008 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:11:44.0359 3008 Netman - ok
22:11:44.0515 3008 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:44.0515 3008 NetTcpPortSharing - ok
22:11:44.0625 3008 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:11:44.0625 3008 NIC1394 - ok
22:11:44.0703 3008 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:11:44.0703 3008 Nla - ok
22:11:45.0015 3008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:11:45.0015 3008 Npfs - ok
22:11:45.0125 3008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:11:45.0140 3008 Ntfs - ok
22:11:45.0250 3008 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:11:45.0250 3008 NtLmSsp - ok
22:11:45.0328 3008 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:11:45.0343 3008 NtmsSvc - ok
22:11:45.0468 3008 NTSIM (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\system32\irmon.dll
22:11:45.0484 3008 NTSIM - ok
22:11:45.0562 3008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:11:45.0562 3008 Null - ok
22:11:45.0968 3008 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:11:46.0328 3008 nv - ok
22:11:46.0468 3008 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
22:11:46.0468 3008 NVSvc - ok
22:11:46.0671 3008 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:11:46.0984 3008 nvUpdatusService - ok
22:11:47.0406 3008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:11:47.0406 3008 NwlnkFlt - ok
22:11:48.0093 3008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:11:48.0093 3008 NwlnkFwd - ok
22:11:48.0593 3008 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:11:48.0593 3008 ohci1394 - ok
22:11:48.0750 3008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:11:48.0750 3008 Parport - ok
22:11:49.0000 3008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:11:49.0000 3008 PartMgr - ok
22:11:49.0109 3008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:11:49.0109 3008 ParVdm - ok
22:11:49.0171 3008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:11:49.0171 3008 PCI - ok
22:11:49.0203 3008 PCIDump - ok
22:11:49.0250 3008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:11:49.0250 3008 PCIIde - ok
22:11:49.0343 3008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:11:49.0343 3008 Pcmcia - ok
22:11:49.0437 3008 PDCOMP - ok
22:11:49.0468 3008 PDFRAME - ok
22:11:49.0500 3008 PDRELI - ok
22:11:49.0515 3008 PDRFRAME - ok
22:11:49.0546 3008 perc2 - ok
22:11:49.0578 3008 perc2hib - ok
22:11:49.0656 3008 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:11:49.0656 3008 PlugPlay - ok
22:11:50.0000 3008 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:11:50.0000 3008 PolicyAgent - ok
22:11:50.0156 3008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:11:50.0156 3008 PptpMiniport - ok
22:11:50.0250 3008 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:11:50.0250 3008 Processor - ok
22:11:50.0296 3008 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:11:50.0312 3008 ProtectedStorage - ok
22:11:50.0375 3008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:11:50.0375 3008 PSched - ok
22:11:50.0453 3008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:11:50.0453 3008 Ptilink - ok
22:11:50.0531 3008 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:11:50.0531 3008 PxHelp20 - ok
22:11:50.0562 3008 ql1080 - ok
22:11:50.0593 3008 Ql10wnt - ok
22:11:50.0625 3008 ql12160 - ok
22:11:50.0671 3008 ql1240 - ok
22:11:51.0093 3008 ql1280 - ok
22:11:51.0234 3008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:11:51.0234 3008 RasAcd - ok
22:11:51.0406 3008 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:11:51.0484 3008 RasAuto - ok
22:11:51.0625 3008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:11:51.0625 3008 Rasl2tp - ok
22:11:51.0781 3008 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:11:51.0781 3008 RasMan - ok
22:11:52.0031 3008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:11:52.0031 3008 RasPppoe - ok
22:11:52.0062 3008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:11:52.0062 3008 Raspti - ok
22:11:52.0140 3008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:11:52.0140 3008 Rdbss - ok
22:11:52.0250 3008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:11:52.0250 3008 RDPCDD - ok
22:11:52.0328 3008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:11:52.0328 3008 rdpdr - ok
22:11:52.0437 3008 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:11:52.0437 3008 RDPWD - ok
22:11:52.0578 3008 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:11:52.0578 3008 RDSessMgr - ok
22:11:52.0718 3008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:11:52.0718 3008 redbook - ok
22:11:52.0812 3008 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:11:52.0812 3008 RemoteAccess - ok
22:11:52.0921 3008 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:11:52.0921 3008 RemoteRegistry - ok
22:11:53.0062 3008 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:11:53.0062 3008 RpcLocator - ok
22:11:53.0234 3008 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:11:53.0234 3008 RpcSs - ok
22:11:53.0375 3008 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:11:53.0375 3008 RSVP - ok
22:11:53.0468 3008 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
22:11:53.0468 3008 RT61 - ok
22:11:53.0593 3008 RTLE8023xp (71439e5bf872a91db450641be445f51c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:11:53.0609 3008 RTLE8023xp - ok
22:11:53.0718 3008 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:11:53.0718 3008 SamSs - ok
22:11:53.0828 3008 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:11:53.0828 3008 SCardSvr - ok
22:11:54.0015 3008 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:11:54.0031 3008 Schedule - ok
22:11:54.0156 3008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:11:54.0156 3008 Secdrv - ok
22:11:54.0203 3008 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:11:54.0328 3008 seclogon - ok
22:11:54.0640 3008 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:11:54.0687 3008 SENS - ok
22:11:55.0140 3008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:11:55.0140 3008 serenum - ok
22:11:55.0281 3008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:11:55.0281 3008 Serial - ok
22:11:55.0312 3008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:11:55.0312 3008 Sfloppy - ok
22:11:55.0390 3008 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:11:55.0406 3008 SharedAccess - ok
22:11:55.0468 3008 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:11:55.0468 3008 ShellHWDetection - ok
22:11:55.0484 3008 Simbad - ok
22:11:55.0500 3008 Sparrow - ok
22:11:55.0546 3008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:11:55.0546 3008 splitter - ok
22:11:55.0593 3008 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:11:55.0593 3008 Spooler - ok
22:11:55.0656 3008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:11:55.0656 3008 sr - ok
22:11:55.0765 3008 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:11:55.0859 3008 srservice - ok
22:11:56.0000 3008 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:11:56.0000 3008 Srv - ok
22:11:56.0109 3008 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:11:56.0109 3008 SSDPSRV - ok
22:11:56.0187 3008 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:11:56.0203 3008 stisvc - ok
22:11:56.0296 3008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:11:56.0296 3008 swenum - ok
22:11:56.0390 3008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:11:56.0390 3008 swmidi - ok
22:11:56.0406 3008 SwPrv - ok
22:11:56.0437 3008 symc810 - ok
22:11:56.0468 3008 symc8xx - ok
22:11:56.0484 3008 sym_hi - ok
22:11:56.0500 3008 sym_u3 - ok
22:11:56.0562 3008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:11:56.0562 3008 sysaudio - ok
22:11:56.0625 3008 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:11:56.0625 3008 SysmonLog - ok
22:11:56.0687 3008 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:11:56.0718 3008 TapiSrv - ok
22:11:56.0875 3008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:11:56.0875 3008 Tcpip - ok
22:11:56.0984 3008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:11:56.0984 3008 TDPIPE - ok
22:11:57.0046 3008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:11:57.0046 3008 TDTCP - ok
22:11:57.0125 3008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:11:57.0125 3008 TermDD - ok
22:11:57.0203 3008 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:11:57.0218 3008 TermService - ok
22:11:57.0328 3008 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:11:57.0328 3008 Themes - ok
22:11:57.0421 3008 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:11:57.0421 3008 TlntSvr - ok
22:11:57.0515 3008 TosIde - ok
22:11:57.0562 3008 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:11:57.0562 3008 TrkWks - ok
22:11:57.0625 3008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:11:57.0625 3008 Udfs - ok
22:11:57.0625 3008 ultra - ok
22:11:57.0703 3008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:11:57.0859 3008 Update - ok
22:11:57.0968 3008 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:11:57.0984 3008 upnphost - ok
22:11:58.0093 3008 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:11:58.0093 3008 UPS - ok
22:11:58.0171 3008 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:11:58.0171 3008 USBAAPL - ok
22:11:58.0265 3008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:11:58.0281 3008 usbccgp - ok
22:11:58.0312 3008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:11:58.0312 3008 usbehci - ok
22:11:58.0375 3008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:11:58.0375 3008 usbhub - ok
22:11:58.0437 3008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:11:58.0437 3008 usbohci - ok
22:11:58.0484 3008 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:11:58.0484 3008 usbprint - ok
22:11:58.0531 3008 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:11:58.0531 3008 usbscan - ok
22:11:58.0593 3008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:11:58.0593 3008 USBSTOR - ok
22:11:58.0656 3008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:11:58.0656 3008 VgaSave - ok
22:11:58.0671 3008 ViaIde - ok
22:11:58.0750 3008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:11:58.0750 3008 VolSnap - ok
22:11:58.0906 3008 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:11:59.0000 3008 VSS - ok
22:11:59.0156 3008 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:11:59.0156 3008 W32Time - ok
22:11:59.0218 3008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:11:59.0218 3008 Wanarp - ok
22:11:59.0312 3008 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:11:59.0312 3008 WDC_SAM - ok
22:11:59.0421 3008 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:11:59.0421 3008 WDDMService - ok
22:11:59.0500 3008 WDICA - ok
22:11:59.0562 3008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:11:59.0562 3008 wdmaud - ok
22:11:59.0671 3008 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:11:59.0687 3008 WDSmartWareBackgroundService - ok
22:11:59.0812 3008 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:11:59.0828 3008 WebClient - ok
22:11:59.0921 3008 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:11:59.0921 3008 winmgmt - ok
22:12:00.0031 3008 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
22:12:00.0046 3008 WmdmPmSN - ok
22:12:00.0125 3008 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:12:00.0140 3008 Wmi - ok
22:12:00.0281 3008 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:12:00.0281 3008 WmiAcpi - ok
22:12:00.0328 3008 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:12:00.0328 3008 WmiApSrv - ok
22:12:00.0453 3008 WMP54Gv4SVC (e8c30ef9bbc6ddb71f0f77fa3a96515f) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
22:12:00.0453 3008 WMP54Gv4SVC - ok
22:12:00.0562 3008 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:12:00.0578 3008 WMPNetworkSvc - ok
22:12:00.0734 3008 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:12:00.0796 3008 wuauserv - ok
22:12:01.0078 3008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:12:01.0078 3008 WudfPf - ok
22:12:01.0203 3008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:12:01.0203 3008 WudfRd - ok
22:12:01.0312 3008 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:12:01.0328 3008 WudfSvc - ok
22:12:01.0468 3008 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:12:01.0484 3008 WZCSVC - ok
22:12:01.0625 3008 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:12:01.0640 3008 xmlprov - ok
22:12:01.0718 3008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:12:01.0953 3008 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:12:01.0953 3008 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:12:01.0984 3008 Boot (0x1200) (ed52df560f8861415ab92c5f371e4db5) \Device\Harddisk0\DR0\Partition0
22:12:01.0984 3008 \Device\Harddisk0\DR0\Partition0 - ok
22:12:01.0984 3008 ============================================================
22:12:01.0984 3008 Scan finished
22:12:01.0984 3008 ============================================================
22:12:01.0984 3592 Detected object count: 2
22:12:01.0984 3592 Actual detected object count: 2
22:12:29.0703 3592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
22:12:31.0156 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\@ - copied to quarantine
22:12:31.0156 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\cfg.ini - copied to quarantine
22:12:31.0187 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\Desktop.ini - copied to quarantine
22:12:31.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\L\bwyvradi - copied to quarantine
22:12:31.0515 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\oemid - copied to quarantine
22:12:31.0531 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000001.@ - copied to quarantine
22:12:31.0609 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000002.@ - copied to quarantine
22:12:31.0640 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000004.@ - copied to quarantine
22:12:31.0671 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000000.@ - copied to quarantine
22:12:31.0703 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000004.@ - copied to quarantine
22:12:31.0781 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000032.@ - copied to quarantine
22:12:31.0828 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\version - copied to quarantine
22:12:33.0578 3592 Backup copy found, using it..
22:12:33.0640 3592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
22:12:42.0265 3592 C:\WINDOWS\$NtUninstallKB42316$\2659399333 - will be deleted on reboot
22:12:42.0265 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\@ - will be deleted on reboot
22:12:42.0265 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\cfg.ini - will be deleted on reboot
22:12:42.0265 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\Desktop.ini - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\oemid - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000001.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000002.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\00000004.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000000.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000004.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\U\80000032.@ - will be deleted on reboot
22:12:42.0437 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\version - will be deleted on reboot
22:12:42.0453 3592 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:12:42.0453 3592 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:12:42.0453 3592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:13:07.0750 3584 Deinitialize success

MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kyle :: KYLE-66DB7EE3FE [administrator]

3/26/2012 10:28:10 PM
mbam-log-2012-03-26 (22-28-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214552
Time elapsed: 18 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme
  • Global Moderator

Posted 27 March 2012 - 01:55 PM

Ok, I'm not sure we are clear yet. Delete TDSS off the desktop and run a new copy this way.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.

OR
Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click it to run. Then just follow the prompts in the Fix it wizard.
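The two checks the post above asks for (read the TDSSKiller report for detections and a pending reboot, and confirm the HOSTS file is back to its defaults), as an added Python example. This is not code from the thread, from TDSSKiller or from the Microsoft Fix it; it only parses their output. The sample log lines are constructed for the example, following the format of the logs posted in this thread, and the non-default HOSTS entry in the sample is a made-up placeholder.

```python
"""Triage helpers for a TDSSKiller log and a Windows HOSTS file (added example).

  1. summarize_tdsskiller(): which objects were detected, which action the tool
     took for each, which files were quarantined, and whether a reboot is still
     pending ("will be cured/deleted on reboot" lines).
  2. audit_hosts(): entries in a HOSTS file that are not the OS defaults, the
     tell-tale of the hijack the Fix it wizard undoes.
"""
import re
from dataclasses import dataclass, field

# TDSSKiller lines look like "HH:MM:SS.mmmm <pid> <message>".
_LOG_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# "<object> ( <verdict> ) - User select action: <Cure|Delete|Skip>"
_ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$"
)
_QUARANTINE = " - copied to quarantine"
_PENDING = (" - will be cured on reboot", " - will be deleted on reboot")


@dataclass
class TdssSummary:
    detections: list = field(default_factory=list)     # (object, verdict, action)
    quarantined: list = field(default_factory=list)    # paths copied to quarantine
    pending_reboot: list = field(default_factory=list) # paths fixed only after reboot

    @property
    def needs_reboot(self) -> bool:
        return bool(self.pending_reboot)


def summarize_tdsskiller(log_text: str) -> TdssSummary:
    """Reduce a TDSSKiller log to the facts a helper asks the poster for."""
    summary = TdssSummary()
    for raw in log_text.splitlines():
        m = _LOG_LINE.match(raw.strip())
        if not m:
            continue  # banner and separator lines carry no per-object data
        msg = m.group("msg")
        act = _ACTION.match(msg)
        if act:
            summary.detections.append((act["obj"], act["verdict"], act["action"]))
            continue
        if msg.endswith(_QUARANTINE):
            summary.quarantined.append(msg[: -len(_QUARANTINE)])
            continue
        for suffix in _PENDING:
            if msg.endswith(suffix):
                summary.pending_reboot.append(msg[: -len(suffix)])
    return summary


# The only mappings a stock Windows HOSTS file contains; anything else is worth a look.
_DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(hosts_text: str) -> list:
    """Return (ip, hostname) pairs that are not part of the default HOSTS file."""
    suspicious = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            if (ip, name.lower()) not in _DEFAULT_HOSTS:
                suspicious.append((ip, name))
    return suspicious


# Constructed sample, modelled on the log lines posted in this thread.
SAMPLE_TDSS_LOG = r"""
22:12:31.0156 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\cfg.ini - copied to quarantine
22:12:33.0640 3592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
22:12:42.0265 3592 C:\WINDOWS\$NtUninstallKB42316$\3706747324\cfg.ini - will be deleted on reboot
22:12:42.0453 3592 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:12:42.0453 3592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:13:07.0750 3584 Deinitialize success
"""

# Constructed sample HOSTS file; the second mapping is a made-up placeholder hijack.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example.invalid   # placeholder, not a real entry
"""

if __name__ == "__main__":
    s = summarize_tdsskiller(SAMPLE_TDSS_LOG)
    for obj, verdict, action in s.detections:
        print(f"detected: {obj} [{verdict}] -> {action}")
    print(f"quarantined: {len(s.quarantined)}, pending reboot: {len(s.pending_reboot)}")
    print("reboot required" if s.needs_reboot else "no reboot required")
    for ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"non-default HOSTS entry: {ip} {name}")
```

Run it against the real TDSSKiller_*_log.txt from the C:\ root and against C:\WINDOWS\system32\drivers\etc\hosts by reading those files into the two functions; a Skip on the TDSS File System object or any surviving "on reboot" path means the machine is not clean yet, and any row from audit_hosts means the HOSTS reset has not taken.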

#5 Kyle88
  • Topic Starter
  • Members

Posted 28 March 2012 - 12:47 AM

Okay, new copy of TDSSKiller did not need to reboot the computer, and the Fix it tool ran fine with no problems.

New TDSSKiller log:
22:25:23.0000 2620 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:25:23.0609 2620 ============================================================
22:25:23.0609 2620 Current date / time: 2012/03/27 22:25:23.0609
22:25:23.0609 2620 SystemInfo:
22:25:23.0609 2620
22:25:23.0609 2620 OS Version: 5.1.2600 ServicePack: 3.0
22:25:23.0609 2620 Product type: Workstation
22:25:23.0609 2620 ComputerName: KYLE-66DB7EE3FE
22:25:23.0609 2620 UserName: Kyle
22:25:23.0609 2620 Windows directory: C:\WINDOWS
22:25:23.0609 2620 System windows directory: C:\WINDOWS
22:25:23.0609 2620 Processor architecture: Intel x86
22:25:23.0609 2620 Number of processors: 2
22:25:23.0609 2620 Page size: 0x1000
22:25:23.0609 2620 Boot type: Normal boot
22:25:23.0609 2620 ============================================================
22:25:25.0531 2620 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:25:25.0531 2620 \Device\Harddisk0\DR0:
22:25:25.0531 2620 MBR used
22:25:25.0531 2620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
22:25:25.0578 2620 Initialize success
22:25:25.0578 2620 ============================================================
22:26:02.0453 3136 ============================================================
22:26:02.0453 3136 Scan started
22:26:02.0453 3136 Mode: Manual; TDLFS;
22:26:02.0453 3136 ============================================================
22:26:02.0750 3136 Abiosdsk - ok
22:26:02.0812 3136 abp480n5 - ok
22:26:02.0859 3136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:02.0875 3136 ACPI - ok
22:26:02.0921 3136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:26:02.0921 3136 ACPIEC - ok
22:26:02.0953 3136 adpu160m - ok
22:26:03.0046 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:26:03.0046 3136 aec - ok
22:26:03.0109 3136 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:26:03.0140 3136 AegisP - ok
22:26:03.0203 3136 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:26:03.0218 3136 AFD - ok
22:26:03.0234 3136 Aha154x - ok
22:26:03.0265 3136 aic78u2 - ok
22:26:03.0265 3136 aic78xx - ok
22:26:03.0312 3136 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:26:03.0312 3136 Alerter - ok
22:26:03.0343 3136 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:26:03.0343 3136 ALG - ok
22:26:03.0359 3136 AliIde - ok
22:26:03.0453 3136 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:26:03.0484 3136 Ambfilt - ok
22:26:03.0578 3136 amsint - ok
22:26:03.0687 3136 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:26:03.0687 3136 Apple Mobile Device - ok
22:26:03.0796 3136 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:26:03.0812 3136 AppMgmt - ok
22:26:03.0906 3136 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:26:03.0906 3136 Arp1394 - ok
22:26:03.0937 3136 asc - ok
22:26:03.0937 3136 asc3350p - ok
22:26:03.0953 3136 asc3550 - ok
22:26:04.0078 3136 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:26:04.0093 3136 aspnet_state - ok
22:26:04.0156 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:04.0156 3136 AsyncMac - ok
22:26:04.0218 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:04.0218 3136 atapi - ok
22:26:04.0234 3136 Atdisk - ok
22:26:04.0296 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:26:04.0296 3136 Atmarpc - ok
22:26:04.0421 3136 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:26:04.0421 3136 AudioSrv - ok
22:26:04.0468 3136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:26:04.0468 3136 audstub - ok
22:26:04.0500 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:26:04.0515 3136 Beep - ok
22:26:04.0578 3136 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:26:04.0578 3136 BITS - ok
22:26:04.0718 3136 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:26:04.0734 3136 Bonjour Service - ok
22:26:04.0875 3136 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:26:04.0875 3136 Browser - ok
22:26:04.0921 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:26:04.0921 3136 cbidf2k - ok
22:26:04.0921 3136 cd20xrnt - ok
22:26:04.0968 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:26:04.0968 3136 Cdaudio - ok
22:26:05.0015 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:26:05.0015 3136 Cdfs - ok
22:26:05.0031 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:26:05.0062 3136 Cdrom - ok
22:26:05.0062 3136 Changer - ok
22:26:05.0093 3136 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:26:05.0109 3136 CiSvc - ok
22:26:05.0125 3136 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:26:05.0125 3136 ClipSrv - ok
22:26:05.0234 3136 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:05.0265 3136 clr_optimization_v2.0.50727_32 - ok
22:26:05.0312 3136 CmdIde - ok
22:26:05.0328 3136 COMSysApp - ok
22:26:05.0343 3136 Cpqarray - ok
22:26:05.0406 3136 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:26:05.0406 3136 CryptSvc - ok
22:26:05.0421 3136 dac2w2k - ok
22:26:05.0437 3136 dac960nt - ok
22:26:05.0500 3136 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:26:05.0500 3136 DcomLaunch - ok
22:26:05.0609 3136 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:26:05.0625 3136 Dhcp - ok
22:26:05.0671 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:26:05.0671 3136 Disk - ok
22:26:05.0687 3136 dmadmin - ok
22:26:05.0765 3136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:26:05.0828 3136 dmboot - ok
22:26:05.0968 3136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:26:05.0968 3136 dmio - ok
22:26:06.0031 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:26:06.0031 3136 dmload - ok
22:26:06.0093 3136 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:26:06.0093 3136 dmserver - ok
22:26:06.0140 3136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:26:06.0140 3136 DMusic - ok
22:26:06.0203 3136 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:26:06.0218 3136 Dnscache - ok
22:26:06.0265 3136 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:26:06.0265 3136 Dot3svc - ok
22:26:06.0312 3136 dpti2o - ok
22:26:06.0343 3136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:26:06.0343 3136 drmkaud - ok
22:26:06.0453 3136 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:26:06.0453 3136 EapHost - ok
22:26:06.0531 3136 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
22:26:06.0578 3136 ehRecvr - ok
22:26:06.0625 3136 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
22:26:06.0656 3136 ehSched - ok
22:26:06.0765 3136 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:26:06.0765 3136 ERSvc - ok
22:26:06.0812 3136 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:26:06.0843 3136 Eventlog - ok
22:26:06.0906 3136 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:26:06.0906 3136 EventSystem - ok
22:26:06.0984 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:26:06.0984 3136 Fastfat - ok
22:26:07.0031 3136 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:26:07.0046 3136 FastUserSwitchingCompatibility - ok
22:26:07.0093 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:26:07.0093 3136 Fdc - ok
22:26:07.0109 3136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:26:07.0109 3136 Fips - ok
22:26:07.0125 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:26:07.0125 3136 Flpydisk - ok
22:26:07.0171 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:26:07.0187 3136 FltMgr - ok
22:26:07.0281 3136 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:26:07.0281 3136 FontCache3.0.0.0 - ok
22:26:07.0375 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:26:07.0375 3136 Fs_Rec - ok
22:26:07.0406 3136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:26:07.0406 3136 Ftdisk - ok
22:26:07.0468 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:26:07.0468 3136 GEARAspiWDM - ok
22:26:07.0531 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:26:07.0531 3136 Gpc - ok
22:26:07.0578 3136 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
22:26:07.0578 3136 GTNDIS5 - ok
22:26:07.0625 3136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:26:07.0625 3136 HDAudBus - ok
22:26:07.0687 3136 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:26:07.0687 3136 helpsvc - ok
22:26:07.0750 3136 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:26:07.0750 3136 HidServ - ok
22:26:07.0828 3136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:26:07.0828 3136 HidUsb - ok
22:26:07.0875 3136 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:26:07.0875 3136 hkmsvc - ok
22:26:07.0906 3136 hpn - ok
22:26:07.0953 3136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:26:07.0984 3136 HTTP - ok
22:26:08.0093 3136 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:26:08.0093 3136 HTTPFilter - ok
22:26:08.0109 3136 i2omgmt - ok
22:26:08.0125 3136 i2omp - ok
22:26:08.0156 3136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:26:08.0171 3136 i8042prt - ok
22:26:08.0312 3136 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:26:08.0343 3136 idsvc - ok
22:26:08.0484 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:26:08.0484 3136 Imapi - ok
22:26:08.0546 3136 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:26:08.0546 3136 ImapiService - ok
22:26:08.0578 3136 ini910u - ok
22:26:08.0796 3136 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:26:08.0828 3136 IntcAzAudAddService - ok
22:26:08.0906 3136 IntelIde - ok
22:26:08.0953 3136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:26:08.0953 3136 Ip6Fw - ok
22:26:09.0000 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:26:09.0015 3136 IpFilterDriver - ok
22:26:09.0062 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:26:09.0062 3136 IpInIp - ok
22:26:09.0125 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:26:09.0140 3136 IpNat - ok
22:26:09.0250 3136 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:26:09.0265 3136 iPod Service - ok
22:26:09.0421 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:26:09.0437 3136 IPSec - ok
22:26:09.0484 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:26:09.0484 3136 IRENUM - ok
22:26:09.0515 3136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:26:09.0515 3136 isapnp - ok
22:26:09.0625 3136 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
22:26:09.0625 3136 JavaQuickStarterService - ok
22:26:09.0734 3136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:26:09.0734 3136 Kbdclass - ok
22:26:09.0781 3136 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:26:09.0781 3136 kbdhid - ok
22:26:09.0843 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:26:09.0859 3136 kmixer - ok
22:26:09.0921 3136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:26:09.0953 3136 KSecDD - ok
22:26:10.0015 3136 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:26:10.0031 3136 lanmanserver - ok
22:26:10.0078 3136 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:26:10.0109 3136 lanmanworkstation - ok
22:26:10.0140 3136 lbrtfdc - ok
22:26:10.0187 3136 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:26:10.0187 3136 LmHosts - ok
22:26:10.0234 3136 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:26:10.0265 3136 McrdSvc - ok
22:26:10.0343 3136 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:26:10.0343 3136 Messenger - ok
22:26:10.0375 3136 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
22:26:10.0375 3136 MHN - ok
22:26:10.0437 3136 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:26:10.0437 3136 MHNDRV - ok
22:26:10.0546 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:26:10.0546 3136 mnmdd - ok
22:26:10.0578 3136 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:26:10.0578 3136 mnmsrvc - ok
22:26:10.0625 3136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:26:10.0640 3136 Modem - ok
22:26:10.0703 3136 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:26:10.0734 3136 Monfilt - ok
22:26:10.0875 3136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:26:10.0875 3136 Mouclass - ok
22:26:10.0921 3136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:26:10.0921 3136 mouhid - ok
22:26:10.0968 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:26:10.0968 3136 MountMgr - ok
22:26:11.0015 3136 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:26:11.0015 3136 MpFilter - ok
22:26:11.0093 3136 MpKsl4fa5432e (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{874D5D7D-7C34-46BE-AF30-C99E569EA7DE}\MpKsl4fa5432e.sys
22:26:11.0093 3136 MpKsl4fa5432e - ok
22:26:11.0171 3136 mraid35x - ok
22:26:11.0234 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:26:11.0234 3136 MRxDAV - ok
22:26:11.0703 3136 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:26:11.0734 3136 MRxSmb - ok
22:26:11.0859 3136 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:26:11.0859 3136 MSDTC - ok
22:26:11.0921 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:26:11.0921 3136 Msfs - ok
22:26:11.0937 3136 MSIServer - ok
22:26:11.0968 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:26:11.0968 3136 MSKSSRV - ok
22:26:12.0078 3136 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:26:12.0078 3136 MsMpSvc - ok
22:26:12.0171 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:26:12.0171 3136 MSPCLOCK - ok
22:26:12.0234 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:26:12.0234 3136 MSPQM - ok
22:26:12.0296 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:26:12.0296 3136 mssmbios - ok
22:26:12.0343 3136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:26:12.0375 3136 Mup - ok
22:26:12.0421 3136 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:26:12.0437 3136 napagent - ok
22:26:12.0500 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:26:12.0515 3136 NDIS - ok
22:26:12.0609 3136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:26:12.0625 3136 NdisTapi - ok
22:26:12.0671 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:26:12.0671 3136 Ndisuio - ok
22:26:12.0703 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:26:12.0703 3136 NdisWan - ok
22:26:12.0750 3136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:26:12.0765 3136 NDProxy - ok
22:26:12.0781 3136 NecUsb3 - ok
22:26:12.0828 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:26:12.0828 3136 NetBIOS - ok
22:26:12.0843 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:26:12.0875 3136 NetBT - ok
22:26:13.0000 3136 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:26:13.0000 3136 NetDDE - ok
22:26:13.0000 3136 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:26:13.0000 3136 NetDDEdsdm - ok
22:26:13.0140 3136 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:26:13.0140 3136 Netlogon - ok
22:26:13.0187 3136 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:26:13.0187 3136 Netman - ok
22:26:13.0328 3136 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:13.0328 3136 NetTcpPortSharing - ok
22:26:13.0437 3136 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:26:13.0437 3136 NIC1394 - ok
22:26:13.0500 3136 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:26:13.0500 3136 Nla - ok
22:26:13.0546 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:26:13.0546 3136 Npfs - ok
22:26:13.0578 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:26:13.0593 3136 Ntfs - ok
22:26:13.0687 3136 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:26:13.0687 3136 NtLmSsp - ok
22:26:13.0796 3136 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:26:13.0812 3136 NtmsSvc - ok
22:26:13.0937 3136 NTSIM (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\system32\irmon.dll
22:26:13.0953 3136 NTSIM - ok
22:26:14.0000 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:26:14.0000 3136 Null - ok
22:26:14.0437 3136 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:26:15.0812 3136 nv - ok
22:26:15.0968 3136 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
22:26:15.0968 3136 NVSvc - ok
22:26:16.0156 3136 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:26:16.0218 3136 nvUpdatusService - ok
22:26:16.0359 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:26:16.0359 3136 NwlnkFlt - ok
22:26:16.0375 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:26:16.0375 3136 NwlnkFwd - ok
22:26:16.0437 3136 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:26:16.0437 3136 ohci1394 - ok
22:26:16.0484 3136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:26:16.0484 3136 Parport - ok
22:26:16.0531 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:26:16.0531 3136 PartMgr - ok
22:26:16.0625 3136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:26:16.0625 3136 ParVdm - ok
22:26:16.0703 3136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:26:16.0703 3136 PCI - ok
22:26:16.0718 3136 PCIDump - ok
22:26:16.0781 3136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:26:16.0781 3136 PCIIde - ok
22:26:16.0859 3136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:26:16.0859 3136 Pcmcia - ok
22:26:16.0937 3136 PDCOMP - ok
22:26:16.0953 3136 PDFRAME - ok
22:26:17.0015 3136 PDRELI - ok
22:26:17.0031 3136 PDRFRAME - ok
22:26:17.0046 3136 perc2 - ok
22:26:17.0062 3136 perc2hib - ok
22:26:17.0125 3136 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:26:17.0125 3136 PlugPlay - ok
22:26:17.0140 3136 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:26:17.0140 3136 PolicyAgent - ok
22:26:17.0203 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:26:17.0218 3136 PptpMiniport - ok
22:26:17.0234 3136 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:26:17.0234 3136 Processor - ok
22:26:17.0265 3136 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:26:17.0265 3136 ProtectedStorage - ok
22:26:17.0328 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:26:17.0328 3136 PSched - ok
22:26:17.0359 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:26:17.0359 3136 Ptilink - ok
22:26:17.0390 3136 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:26:17.0406 3136 PxHelp20 - ok
22:26:17.0421 3136 ql1080 - ok
22:26:17.0421 3136 Ql10wnt - ok
22:26:17.0437 3136 ql12160 - ok
22:26:17.0453 3136 ql1240 - ok
22:26:17.0453 3136 ql1280 - ok
22:26:17.0515 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:26:17.0515 3136 RasAcd - ok
22:26:17.0562 3136 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:26:17.0562 3136 RasAuto - ok
22:26:17.0671 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:26:17.0687 3136 Rasl2tp - ok
22:26:17.0734 3136 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:26:17.0750 3136 RasMan - ok
22:26:17.0875 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:26:17.0875 3136 RasPppoe - ok
22:26:17.0906 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:26:17.0921 3136 Raspti - ok
22:26:18.0000 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:26:18.0031 3136 Rdbss - ok
22:26:18.0109 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:26:18.0109 3136 RDPCDD - ok
22:26:18.0171 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:26:18.0171 3136 rdpdr - ok
22:26:18.0234 3136 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:26:18.0250 3136 RDPWD - ok
22:26:18.0312 3136 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:26:18.0328 3136 RDSessMgr - ok
22:26:18.0453 3136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:18.0484 3136 redbook - ok
22:26:18.0531 3136 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:26:18.0531 3136 RemoteAccess - ok
22:26:18.0593 3136 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:26:18.0593 3136 RemoteRegistry - ok
22:26:18.0640 3136 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:26:18.0656 3136 RpcLocator - ok
22:26:18.0781 3136 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:26:18.0781 3136 RpcSs - ok
22:26:18.0890 3136 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:26:18.0890 3136 RSVP - ok
22:26:18.0968 3136 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
22:26:18.0984 3136 RT61 - ok
22:26:19.0140 3136 RTLE8023xp (71439e5bf872a91db450641be445f51c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:26:19.0140 3136 RTLE8023xp - ok
22:26:19.0203 3136 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:26:19.0203 3136 SamSs - ok
22:26:19.0250 3136 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:26:19.0250 3136 SCardSvr - ok
22:26:19.0359 3136 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:26:19.0359 3136 Schedule - ok
22:26:19.0421 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:19.0421 3136 Secdrv - ok
22:26:19.0453 3136 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:26:19.0453 3136 seclogon - ok
22:26:19.0500 3136 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:26:19.0500 3136 SENS - ok
22:26:19.0578 3136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:26:19.0578 3136 serenum - ok
22:26:19.0593 3136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:26:19.0625 3136 Serial - ok
22:26:19.0656 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:19.0656 3136 Sfloppy - ok
22:26:19.0718 3136 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:26:19.0718 3136 SharedAccess - ok
22:26:19.0812 3136 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:26:19.0812 3136 ShellHWDetection - ok
22:26:19.0828 3136 Simbad - ok
22:26:19.0843 3136 Sparrow - ok
22:26:19.0890 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:26:19.0890 3136 splitter - ok
22:26:19.0953 3136 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:26:19.0968 3136 Spooler - ok
22:26:20.0031 3136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:26:20.0031 3136 sr - ok
22:26:20.0093 3136 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:26:20.0093 3136 srservice - ok
22:26:20.0187 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:26:20.0218 3136 Srv - ok
22:26:20.0296 3136 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:26:20.0296 3136 SSDPSRV - ok
22:26:20.0359 3136 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:26:20.0359 3136 stisvc - ok
22:26:20.0421 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:26:20.0421 3136 swenum - ok
22:26:20.0468 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:26:20.0468 3136 swmidi - ok
22:26:20.0484 3136 SwPrv - ok
22:26:20.0500 3136 symc810 - ok
22:26:20.0500 3136 symc8xx - ok
22:26:20.0515 3136 sym_hi - ok
22:26:20.0531 3136 sym_u3 - ok
22:26:20.0546 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:26:20.0546 3136 sysaudio - ok
22:26:20.0593 3136 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:26:20.0593 3136 SysmonLog - ok
22:26:20.0656 3136 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:26:20.0671 3136 TapiSrv - ok
22:26:20.0750 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:26:20.0781 3136 Tcpip - ok
22:26:20.0906 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:26:20.0906 3136 TDPIPE - ok
22:26:20.0953 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:26:20.0953 3136 TDTCP - ok
22:26:20.0984 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:26:20.0984 3136 TermDD - ok
22:26:21.0015 3136 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:26:21.0031 3136 TermService - ok
22:26:21.0093 3136 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:26:21.0093 3136 Themes - ok
22:26:21.0140 3136 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:26:21.0140 3136 TlntSvr - ok
22:26:21.0218 3136 TosIde - ok
22:26:21.0250 3136 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:26:21.0250 3136 TrkWks - ok
22:26:21.0484 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:26:21.0484 3136 Udfs - ok
22:26:21.0734 3136 ultra - ok
22:26:21.0890 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:26:21.0890 3136 Update - ok
22:26:21.0953 3136 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:26:21.0968 3136 upnphost - ok
22:26:22.0015 3136 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:26:22.0015 3136 UPS - ok
22:26:22.0046 3136 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:26:22.0078 3136 USBAAPL - ok
22:26:22.0109 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:26:22.0125 3136 usbccgp - ok
22:26:22.0156 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:26:22.0156 3136 usbehci - ok
22:26:22.0203 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:26:22.0203 3136 usbhub - ok
22:26:22.0218 3136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:26:22.0218 3136 usbohci - ok
22:26:22.0265 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:26:22.0296 3136 usbprint - ok
22:26:22.0343 3136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:26:22.0343 3136 usbscan - ok
22:26:22.0390 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:26:22.0390 3136 USBSTOR - ok
22:26:22.0437 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:26:22.0437 3136 VgaSave - ok
22:26:22.0453 3136 ViaIde - ok
22:26:22.0468 3136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:26:22.0468 3136 VolSnap - ok
22:26:22.0515 3136 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:26:22.0531 3136 VSS - ok
22:26:22.0656 3136 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:26:22.0671 3136 W32Time - ok
22:26:22.0718 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:26:22.0718 3136 Wanarp - ok
22:26:22.0859 3136 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:26:22.0890 3136 WDC_SAM - ok
22:26:23.0000 3136 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:26:23.0015 3136 WDDMService - ok
22:26:23.0109 3136 WDICA - ok
22:26:23.0203 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:26:23.0203 3136 wdmaud - ok
22:26:23.0328 3136 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:26:23.0343 3136 WDSmartWareBackgroundService - ok
22:26:23.0453 3136 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:26:23.0453 3136 WebClient - ok
22:26:23.0546 3136 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:26:23.0546 3136 winmgmt - ok
22:26:23.0640 3136 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
22:26:23.0656 3136 WmdmPmSN - ok
22:26:23.0750 3136 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:26:23.0750 3136 Wmi - ok
22:26:23.0875 3136 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:26:23.0875 3136 WmiAcpi - ok
22:26:23.0921 3136 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:26:23.0921 3136 WmiApSrv - ok
22:26:24.0015 3136 WMP54Gv4SVC (e8c30ef9bbc6ddb71f0f77fa3a96515f) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
22:26:24.0015 3136 WMP54Gv4SVC - ok
22:26:24.0125 3136 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:26:24.0359 3136 WMPNetworkSvc - ok
22:26:24.0500 3136 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:26:24.0500 3136 wuauserv - ok
22:26:24.0562 3136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:26:24.0609 3136 WudfPf - ok
22:26:24.0625 3136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:26:24.0656 3136 WudfRd - ok
22:26:24.0687 3136 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:26:24.0703 3136 WudfSvc - ok
22:26:24.0765 3136 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:26:24.0781 3136 WZCSVC - ok
22:26:24.0906 3136 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:26:24.0906 3136 xmlprov - ok
22:26:24.0921 3136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:26:25.0109 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:26:25.0109 3136 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:26:25.0109 3136 Boot (0x1200) (ed52df560f8861415ab92c5f371e4db5) \Device\Harddisk0\DR0\Partition0
22:26:25.0109 3136 \Device\Harddisk0\DR0\Partition0 - ok
22:26:25.0109 3136 ============================================================
22:26:25.0109 3136 Scan finished
22:26:25.0109 3136 ============================================================
22:26:25.0125 3196 Detected object count: 1
22:26:25.0125 3196 Actual detected object count: 1
22:28:01.0656 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:28:01.0656 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:28:12.0546 1428 Deinitialize success
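Added example, not part of the thread and not code from TDSSKiller's authors: a small Python triage script that parses log lines in the format the scan above produced and reports which detected objects were left unresolved because the user chose Skip rather than Cure or Delete, the situation the next replies turn on. The sample lines are excerpted from the log above; the regular expressions and the `triage`/`report` helpers are this example's own reading of the format, not a documented schema.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
22:26:24.0906 3136 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:26:24.0906 3136 xmlprov - ok
22:26:24.0921 3136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:26:25.0109 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:26:25.0109 3136 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:26:25.0109 3136 Boot (0x1200) (ed52df560f8861415ab92c5f371e4db5) \Device\Harddisk0\DR0\Partition0
22:26:25.0109 3136 \Device\Harddisk0\DR0\Partition0 - ok
22:26:25.0109 3136 Scan finished
22:26:25.0125 3196 Detected object count: 1
22:28:01.0656 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:28:01.0656 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:28:12.0546 1428 Deinitialize success
"""

# Every scanner line is "HH:MM:SS.mmmm <thread id> <rest>" (assumed from the log above).
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<name> - ok": object scanned and judged clean.
OK_RE = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")
# "<object> - detected <verdict> (<n>)": a confirmed detection.
DETECTED_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+detected\s+(?P<verdict>.+?)\s+\(\d+\)$")
# "<object> ( <verdict> ) - warning": the flag that precedes the verdict line.
WARNING_RE = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+warning$")
# "<object> ( <verdict> ) - User select action: <action>": what the user chose.
ACTION_RE = re.compile(
    r"^(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+User select action:\s+(?P<action>\w+)$")
# "<name> (<md5>) <path>": inventory of a scanned service, driver, MBR or boot sector.
INVENTORY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<count>\d+)$")


@dataclass
class Triage:
    inventory: dict = field(default_factory=dict)   # name -> (md5, path)
    detections: dict = field(default_factory=dict)  # object -> verdict
    warnings: dict = field(default_factory=dict)    # object -> verdict
    actions: dict = field(default_factory=dict)     # object -> action the user chose
    detected_count: int = 0                         # the scanner's own tally
    clean: int = 0                                  # number of "- ok" objects

    def unresolved(self) -> list:
        """Detections that were neither cured nor deleted: what still needs cleaning."""
        return sorted(obj for obj in self.detections
                      if self.actions.get(obj) not in ("Cure", "Delete"))


def triage(log_text: str) -> Triage:
    """Parse a TDSSKiller-style log into inventory, detections and user actions."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text without the timestamp prefix
        rest = m.group("rest")
        if OK_RE.match(rest):
            t.clean += 1
        elif (d := DETECTED_RE.match(rest)):
            t.detections[d["obj"]] = d["verdict"]
        elif (w := WARNING_RE.match(rest)):
            t.warnings[w["obj"]] = w["verdict"]
        elif (a := ACTION_RE.match(rest)):
            t.actions[a["obj"]] = a["action"]
        elif (i := INVENTORY_RE.match(rest)):
            t.inventory[i["name"]] = (i["md5"].lower(), i["path"])
        elif (c := COUNT_RE.match(rest)):
            t.detected_count = int(c["count"])
        # banner lines ("Scan finished", "skipped by user", separators) carry no state
    return t


def report(log_text: str) -> str:
    """Human-readable summary that makes a skipped detection impossible to miss."""
    t = triage(log_text)
    lines = [f"{t.clean} objects clean, {len(t.inventory)} inventoried, "
             f"{len(t.detections)} detected (scanner count: {t.detected_count})"]
    for obj, verdict in t.detections.items():
        lines.append(f"  {obj}: {verdict} -> user action: {t.actions.get(obj, 'none recorded')}")
    for obj in t.unresolved():
        lines.append(f"  UNRESOLVED: {obj} was not cured or deleted; needs follow-up")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the sample, the report lists the MBR-level TDSS detection with action Skip and marks it unresolved; the inventory of MD5 hashes and paths is kept so a second scan's output can be compared against the first.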

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 28 March 2012 - 12:41 PM

There was no option to Cure??

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 Kyle88

Kyle88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 28 March 2012 - 07:25 PM

There was the option to cure the "suspicious object", but I interpreted your directions to suggest that I should "leave it as it is".

"When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). *>Let the options as it is and click Continue<*"

In other words, it had automatically selected "skip", so I left it as it was and skipped it. The drop-down menu had cure on it, but that would not be leaving it as it was, so I got confused.

Do you still want me to do the FixTDSS.exe method?

The link on how to turn off XP system restore leads me to a Norton site that has no directions on how to turn off system restore. It just says "Enabling and disabling windows system restore" in big bold letters with no directions lol. Sorry for being a pain.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 28 March 2012 - 07:32 PM

Ok, that is correct: suspicious objects (Skip, by default).

But I want you to run FixTDSS, as it did not say "suspicious" in the log. Not your fault.

I am sorry, I don't see the link.

The link on how to turn off XP system restore leads me


Looks like we may have a 0access rootkit.

Edited by boopme, 28 March 2012 - 07:34 PM.


#9 Kyle88

Kyle88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 29 March 2012 - 07:35 PM

Ok I looked up how to turn off windows system restore and did so. Then I ran the FixTDSS tool. Odd thing is, when the computer restarted and the tool started scanning, my Microsoft Security Essentials suspended 3 Trojans. When the FixTDSS tool was done scanning it said "Backdoor.Tidserv has not been found on your computer". Then I had Security Essentials remove the 3 Trojans it found.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 29 March 2012 - 08:04 PM

Ok, that's good that the rootkits TDSS and ZeroAccess are gone.
What trojans were found?
I want to take one more look for rootkits; this is not long.

Machine must be running better now.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

#11 Kyle88

Kyle88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 30 March 2012 - 01:41 AM

I don't remember the name of the Trojans found by Security Essentials, but it said it was able to remove them. My computer is running much better now.

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 23:25:08
-----------------------------
23:25:08.671 OS Version: Windows 5.1.2600 Service Pack 3
23:25:08.671 Number of processors: 2 586 0x6B02
23:25:08.671 ComputerName: KYLE-66DB7EE3FE UserName: Kyle
23:25:09.515 Initialize success
23:26:48.234 AVAST engine defs: 12033000
23:27:14.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
23:27:14.843 Disk 0 Vendor: WDC_WD2000BB-22GUC0 08.02D08 Size: 190781MB BusType: 3
23:27:14.859 Disk 0 MBR read successfully
23:27:14.859 Disk 0 MBR scan
23:27:14.906 Disk 0 Windows XP default MBR code
23:27:14.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
23:27:14.906 Disk 0 scanning sectors +390700800
23:27:15.000 Disk 0 scanning C:\WINDOWS\system32\drivers
23:27:29.640 Service scanning
23:27:39.906 Service MpKsl6b1a2eb4 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D592D69-ED7A-42AD-9CF9-00E0636FAD04}\MpKsl6b1a2eb4.sys **LOCKED** 32
23:27:55.359 Modules scanning
23:28:00.250 Disk 0 trace - called modules:
23:28:00.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:28:00.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a667ab8]
23:28:00.281 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a6dd9a8]
23:28:00.281 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a66ad98]
23:28:00.609 AVAST engine scan C:\WINDOWS
23:28:23.828 AVAST engine scan C:\WINDOWS\system32
23:30:29.312 File: C:\WINDOWS\system32\USB3Sw32.dll **INFECTED** Win32:Malware-gen
23:32:03.609 AVAST engine scan C:\WINDOWS\system32\drivers
23:32:23.109 AVAST engine scan C:\Documents and Settings\Kyle
23:34:51.015 AVAST engine scan C:\Documents and Settings\All Users
23:35:29.125 Scan finished successfully
23:35:52.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kyle\Desktop\MBR.dat"
23:35:52.984 The log file has been saved successfully to "C:\Documents and Settings\Kyle\Desktop\aswMBR.txt"

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 30 March 2012 - 10:34 AM

Ok looks good.. we can mop up.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 Kyle88

Kyle88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 02 April 2012 - 12:39 PM

Thank you for all of your help. You went above and beyond. I appreciate it.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:12 AM

Posted 02 April 2012 - 08:11 PM

You're welcome and thanks for coming by.

#15 Hexious

Hexious

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 18 July 2012 - 09:11 PM

Hello. I'm new here too and I have the same problem. I have completed the first step and plan on continuing with the next. But here are my results from MiniToolBox.

MiniToolBox by Farbar Version: 15-07-2012
Ran by Kurai Hexious (administrator) on 18-07-2012 at 22:01:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kurai
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 98-4B-E1-96-67-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 88-9F-FA-44-36-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::618a:a2c0:ca78:6a41%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.27(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 18, 2012 8:04:58 PM
Lease Expires . . . . . . . . . . : Thursday, July 19, 2012 8:05:01 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 193503226
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C4-5E-20-88-9F-FA-44-36-AF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.200] with 32 bytes of data:
Reply from 74.125.226.200: bytes=32 time=77ms TTL=55
Reply from 74.125.226.200: bytes=32 time=78ms TTL=55

Ping statistics for 74.125.226.200:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 78ms, Average = 77ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=48
Reply from 98.139.183.24: bytes=32 time=117ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 106ms, Maximum = 117ms, Average = 111ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...98 4b e1 96 67 4f ......Realtek PCIe FE Family Controller
10...88 9f fa 44 36 af ......Atheros AR9285 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.27 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.27 281
192.168.1.27 255.255.255.255 On-link 192.168.1.27 281
192.168.1.255 255.255.255.255 On-link 192.168.1.27 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.27 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.27 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::618a:a2c0:ca78:6a41/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/18/2012 08:10:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x11a4
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (07/18/2012 06:00:46 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Adobe Shockwave Player 11.5 -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/18/2012 06:00:46 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Adobe Shockwave Player 11.5 -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/18/2012 06:00:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x424
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (07/18/2012 08:12:52 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Adobe Shockwave Player 11.5 -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/18/2012 08:12:52 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Adobe Shockwave Player 11.5 -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/18/2012 01:00:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x13f4
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (07/18/2012 00:23:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x10f8
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (07/18/2012 00:09:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x6b8
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (07/17/2012 09:20:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74dcc9f1
Faulting process id: 0x1e0c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (07/18/2012 08:04:39 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff96000341987, 0xfffff8800706cfe0, 0x0000000000000000)C:\Windows\MEMORY.DMP071812-78780-01

Error: (07/18/2012 08:04:21 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:00:54 PM on ?7/?18/?2012 was unexpected.

Error: (07/18/2012 05:42:09 PM) (Source: Service Control Manager) (User: )
Description: Group Policy Client

Error: (07/18/2012 05:41:34 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/18/2012 05:10:33 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/18/2012 00:31:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596666).

Error: (07/18/2012 00:31:01 AM) (Source: Service Control Manager) (User: )
Description: Windows Installer%%1053

Error: (07/18/2012 00:31:01 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Installer

Error: (07/18/2012 00:31:01 AM) (Source: DCOM) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (07/17/2012 11:21:20 PM) (Source: Service Control Manager) (User: )
Description: BHDrvx64


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.3.0.3670)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Amazon Browser Bar (Version: 3.0.0.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0929.2212.37971)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0929.2212.37971)
Catalyst Control Center InstallProxy (Version: 2010.0929.2212.37971)
Catalyst Control Center Localization All (Version: 2010.0929.2212.37971)
ccc-core-static (Version: 2010.0929.2212.37971)
ccc-utility64 (Version: 2010.0929.2212.37971)
CCC Help Chinese Standard (Version: 2010.0929.2211.37971)
CCC Help Chinese Traditional (Version: 2010.0929.2211.37971)
CCC Help Czech (Version: 2010.0929.2211.37971)
CCC Help Danish (Version: 2010.0929.2211.37971)
CCC Help Dutch (Version: 2010.0929.2211.37971)
CCC Help English (Version: 2010.0929.2211.37971)
CCC Help Finnish (Version: 2010.0929.2211.37971)
CCC Help French (Version: 2010.0929.2211.37971)
CCC Help German (Version: 2010.0929.2211.37971)
CCC Help Greek (Version: 2010.0929.2211.37971)
CCC Help Hungarian (Version: 2010.0929.2211.37971)
CCC Help Italian (Version: 2010.0929.2211.37971)
CCC Help Japanese (Version: 2010.0929.2211.37971)
CCC Help Korean (Version: 2010.0929.2211.37971)
CCC Help Norwegian (Version: 2010.0929.2211.37971)
CCC Help Polish (Version: 2010.0929.2211.37971)
CCC Help Portuguese (Version: 2010.0929.2211.37971)
CCC Help Russian (Version: 2010.0929.2211.37971)
CCC Help Spanish (Version: 2010.0929.2211.37971)
CCC Help Swedish (Version: 2010.0929.2211.37971)
CCC Help Thai (Version: 2010.0929.2211.37971)
CCC Help Turkish (Version: 2010.0929.2211.37971)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Crawler Toolbar
CyberLink DVD Suite (Version: 7.0.3320)
CyberLink MediaShow (Version: 5.0.1920)
CyberLink PowerDVD 9 (Version: 9.0.1.4604)
CyberLink YouCam (Version: 3.2.3321)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Dropbox (Version: 1.4.7)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Glary Utilities 2.40.0.1326 (Version: 2.40.0.1326)
Google Chrome (Version: 20.0.1132.57)
Google Update Helper (Version: 1.3.21.115)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.4.0.0)
HP Games (Version: 1.0.1.5)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP Software Framework (Version: 4.0.108.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.10.0)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.20.1)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Monopoly Here & Now Edition (Version: 1.0.18.272)
Mozilla Firefox (3.6.14) (Version: 3.6.14 (en-US))
Mozilla Firefox 14.0 (x86 en-US) (Version: 14.0)
Mozilla Maintenance Service (Version: 14.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton 360 (Version: 6.2.1.5)
Norton Online Backup (Version: 2.1.17869)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
Playboost Gamebar (Version: 1.1.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
QuickTime (Version: 7.72.80.56)
Quixley_v3b Toolbar (Version: 6.5.2.8)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30120)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
RtVOsd (Version: 1.0.6)
SiteRanker (Version: 1.0.0.20)
Skype Toolbars (Version: 5.2.4170)
Skype™ 5.2 (Version: 5.2.113)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
THE GAME OF LIFE - Path to Success (remove only)
Times Reader (Version: 2.055)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Veoh Giraffic Video Accelerator (Version: 0.86.246.230)
Veoh Web Player (Version: 1.1.2.0000)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 1.1.10 (Version: 1.1.10)
Watchtower Library 2011 - español (Version: 13.0)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.25)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 2810.9 MB
Available physical RAM: 1329.67 MB
Total Pagefile: 5620 MB
Available Pagefile: 3736.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3937.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:278.6 GB) (Free:143.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:19.19 GB) (Free:2.79 GB) NTFS
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\KURAI

Administrator Guest Kurai Hexious

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



