Major Virus on windows 7. startup and google redirect again. Please help

12 replies to this topic

#1 amedcalf

  • Members
  • 52 posts

Posted 28 September 2011 - 01:23 PM

Hi,

I am having major problems with my Toshiba Laptop that is running 64 bit Windows 7.

I think I have been infected with a major virus as my computer keeps switching itself off, goes into Windows repair when restarting, and some programs seem to just disappear. Google re-direct as well.

I am also having a lot of problems in downloading and installing Windows updates. These keep failing.

I have re-installed windows several times but this doesn't seem to have made any difference.

I have run Super antispyware, but this didn't seem to make any difference.

I am getting really annoyed now as I have been trying to fix this for about a week with no effect.

I can eventually get into windows to use the computer but it takes ages to do anything.

All your help will be really appreciated.

Kind Regards

Allan


#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 September 2011 - 01:43 PM

Hello, please run these 2 for now...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#3 amedcalf

  • Topic Starter

  • Members
  • 52 posts

Posted 28 September 2011 - 04:37 PM

Hi boopme,

Thanks for the quick response.

Minitoolbox results :-

MiniToolBox by Farbar
Ran by HOME (administrator) on 28-09-2011 at 22:22:47
Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : HOME-TOSH
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : EE-39-DF-5B-E3-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : E8-39-DF-5B-E3-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::49f7:c62e:48e5:467c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 28 September 2011 19:08:37
Lease Expires . . . . . . . . . . : 29 September 2011 19:08:42
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 434649567
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-12-76-B3-00-26-6C-7A-BA-ED
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:18ea:192f:9268:2128(Preferred)
Link-local IPv6 Address . . . . . : fe80::18ea:192f:9268:2128%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.169.147
209.85.169.103
209.85.169.99
209.85.169.106
209.85.169.104
209.85.169.105


Pinging google.com [209.85.169.104] with 32 bytes of data:
Reply from 209.85.169.104: bytes=32 time=40ms TTL=49
Reply from 209.85.169.104: bytes=32 time=43ms TTL=49

Ping statistics for 209.85.169.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 43ms, Average = 41ms
Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=115ms TTL=48
Reply from 67.195.160.76: bytes=32 time=115ms TTL=48

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 115ms, Maximum = 115ms, Average = 115ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...ee 39 df 5b e3 b0 ......Microsoft Virtual WiFi Miniport Adapter
12...e8 39 df 5b e3 b0 ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fb:18ea:192f:9268:2128/128
On-link
12 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::18ea:192f:9268:2128/128
On-link
12 281 fe80::49f7:c62e:48e5:467c/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2011 04:39:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: NBService.exe, version: 4.2.3.100, time stamp: 0x4a8c0725
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73ca6a34
Faulting process id: 0x66c
Faulting application start time: 0xNBService.exe0
Faulting application path: NBService.exe1
Faulting module path: NBService.exe2
Report Id: NBService.exe3

Error: (09/28/2011 03:58:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: 0.6589358195100744.exe, version: 0.0.0.0, time stamp: 0x4d028901
Faulting module name: 0.6589358195100744.exe, version: 0.0.0.0, time stamp: 0x4d028901
Exception code: 0xc0000005
Fault offset: 0x000039d6
Faulting process id: 0x1a04
Faulting application start time: 0x0.6589358195100744.exe0
Faulting application path: 0.6589358195100744.exe1
Faulting module path: 0.6589358195100744.exe2
Report Id: 0.6589358195100744.exe3

Error: (09/28/2011 03:46:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x4e8324ef
Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x4e8324ef
Exception code: 0xc0000005
Fault offset: 0x000022c3
Faulting process id: 0x934
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3

Error: (09/28/2011 07:44:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/28/2011 07:44:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/28/2011 07:44:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/28/2011 07:39:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/28/2011 07:31:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: NBService.exe, version: 4.2.3.100, time stamp: 0x4a8c0725
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74196a34
Faulting process id: 0x610
Faulting application start time: 0xNBService.exe0
Faulting application path: NBService.exe1
Faulting module path: NBService.exe2
Report Id: NBService.exe3

Error: (09/28/2011 07:30:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/28/2011 07:19:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (09/28/2011 07:48:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: HOME)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:09:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:09:06 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:09:04 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:09:04 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:08:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:08:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 07:07:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 06:33:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/28/2011 06:26:24 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (09/28/2011 04:39:24 PM) (Source: Application Error)(User: )
Description: NBService.exe4.2.3.1004a8c0725unknown0.0.0.000000000c000000573ca6a3466c01cc7df489104cb1c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exeunknown09f955ee-e9e8-11e0-8a74-00266c7abaed

Error: (09/28/2011 03:58:05 PM) (Source: Application Error)(User: )
Description: 0.6589358195100744.exe0.0.0.04d0289010.6589358195100744.exe0.0.0.04d028901c0000005000039d61a0401cc7def04820c82C:\Windows\TEMP\0.6589358195100744.exeC:\Windows\TEMP\0.6589358195100744.exe44b5d095-e9e2-11e0-a07f-00266c7abaed

Error: (09/28/2011 03:46:49 PM) (Source: Application Error)(User: )
Description: setup.exe_unknown0.0.0.04e8324efsetup.exe0.0.0.04e8324efc0000005000022c393401cc7ded723ee4e8C:\Windows\TEMP\ospdym\setup.exeC:\Windows\TEMP\ospdym\setup.exeb18019b7-e9e0-11e0-a07f-00266c7abaed

Error: (09/28/2011 07:44:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/28/2011 07:44:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/28/2011 07:44:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/28/2011 07:39:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/28/2011 07:31:54 AM) (Source: Application Error)(User: )
Description: NBService.exe4.2.3.1004a8c0725unknown0.0.0.000000000c000000574196a3461001cc7da80643a807c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exeunknown8e0bca2f-e99b-11e0-9759-00266c7abaed

Error: (09/28/2011 07:30:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/28/2011 07:19:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Reader 9.4.6 (Version: 9.4.6)
Advertising Center (Version: 0.0.0.2)
Amazon.co.uk
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Atheros Driver Installation Program (Version: 5.2)
Auslogics Disk Defrag (Version: version 3.2)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bing Bar (Version: 5.0.1401.0)
Bing Bar Platform (Version: 5.0.1399.0)
BT NetProtect Plus (Version: 10.5.240)
Chuzzle Deluxe (Version: 2.2.0.82)
Conexant HD Audio (Version: 4.111.0.64)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
eBay (Version: 1.1.9)
FATE (Version: 2.2.0.82)
Free Window Registry Repair
ImagXpress (Version: 7.0.74.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Matrix Storage Manager
Java™ 6 Update 17 (Version: 6.0.170)
Jewel Quest II (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
LEGO Universe
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 2.0.271.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero BackItUp (Version: 5.2.21001)
Nero BackItUp and Burn (Version: 1.2.0030)
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights (Version: 3.6.26001)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express (Version: 9.6.16000)
Nero Express Help (Version: 9.4.34.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero RescueAgent (Version: 2.6.25002)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.37.100)
NeroExpress (Version: 9.4.34.100)
neroxml (Version: 1.0.0)
Penguins! (Version: 2.2.0.82)
Photo Service - powered by myphotobook (Version: 1.0.7-279)
Photo Service - powered by myphotobook (Version: 1.0.7)
Plants vs. Zombies (Version: 2.2.0.82)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.82)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.152)
SUPERAntiSpyware (Version: 5.0.1128)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba Assist (Version: 3.00.11)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA ConfigFree (Version: 8.0.28)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Manuals (Version: 10.01)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
TOSHIBA Online Product Information (Version: 2.09.0001)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 2.00.03)
Toshiba TEMPRO (Version: 3.30)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.9)
WildTangent Games (Version: 1.0.0.80)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Zuma Deluxe (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2939.97 MB
Available physical RAM: 1713.73 MB
Total Pagefile: 5878.09 MB
Available Pagefile: 3912.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.24 MB

========================= Partitions: =====================================

1 Drive c: (WINDOWS) (Fixed) (Total:116.21 GB) (Free:83.3 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:116.28 GB) (Free:109.22 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-TOSH

Administrator Guest HOME

========================= Minidump Files ==================================

No minidump file found

**** End of log ****




TDSS Killer results :-

22:27:24.0106 5992 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
22:27:24.0854 5992 ============================================================
22:27:24.0854 5992 Current date / time: 2011/09/28 22:27:24.0854
22:27:24.0854 5992 SystemInfo:
22:27:24.0854 5992
22:27:24.0854 5992 OS Version: 6.1.7600 ServicePack: 0.0
22:27:24.0854 5992 Product type: Workstation
22:27:24.0854 5992 ComputerName: HOME-TOSH
22:27:24.0854 5992 UserName: HOME
22:27:24.0854 5992 Windows directory: C:\Windows
22:27:24.0854 5992 System windows directory: C:\Windows
22:27:24.0854 5992 Running under WOW64
22:27:24.0854 5992 Processor architecture: Intel x64
22:27:24.0854 5992 Number of processors: 2
22:27:24.0854 5992 Page size: 0x1000
22:27:24.0854 5992 Boot type: Normal boot
22:27:24.0854 5992 ============================================================
22:27:25.0619 5992 Initialize success
22:27:40.0314 4348 ============================================================
22:27:40.0314 4348 Scan started
22:27:40.0314 4348 Mode: Manual;
22:27:40.0314 4348 ============================================================
22:27:44.0604 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:44.0604 4348 BrSerWdm - ok
22:27:44.0729 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:44.0729 4348 BrUsbMdm - ok
22:27:44.0744 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:44.0760 4348 BrUsbSer - ok
22:27:44.0776 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:27:44.0776 4348 BTHMODEM - ok
22:27:44.0885 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:27:44.0885 4348 cdfs - ok
22:27:44.0947 4348 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:27:44.0947 4348 cdrom - ok
22:27:45.0088 4348 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
22:27:45.0197 4348 cfwids - ok
22:27:45.0322 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:27:45.0337 4348 circlass - ok
22:27:45.0478 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:27:45.0478 4348 CLFS - ok
22:27:45.0556 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:45.0571 4348 CmBatt - ok
22:27:45.0602 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:27:45.0618 4348 cmdide - ok
22:27:45.0758 4348 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
22:27:45.0774 4348 CNG - ok
22:27:45.0899 4348 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
22:27:45.0977 4348 CnxtHdAudService - ok
22:27:46.0070 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:27:46.0086 4348 Compbatt - ok
22:27:46.0148 4348 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:27:46.0164 4348 CompositeBus - ok
22:27:46.0320 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:27:46.0320 4348 crcdisk - ok
22:27:46.0476 4348 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
22:27:46.0476 4348 DfsC - ok
22:27:46.0523 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:27:46.0523 4348 discache - ok
22:27:46.0554 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:27:46.0570 4348 Disk - ok
22:27:46.0694 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:27:46.0694 4348 drmkaud - ok
22:27:46.0772 4348 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
22:27:46.0804 4348 DXGKrnl - ok
22:27:46.0991 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:27:47.0116 4348 ebdrv - ok
22:27:47.0272 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:27:47.0287 4348 elxstor - ok
22:27:47.0334 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:27:47.0334 4348 ErrDev - ok
22:27:47.0474 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:27:47.0474 4348 exfat - ok
22:27:47.0490 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:27:47.0506 4348 fastfat - ok
22:27:47.0615 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:27:47.0630 4348 fdc - ok
22:27:47.0724 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:27:47.0740 4348 FileInfo - ok
22:27:47.0771 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:27:47.0771 4348 Filetrace - ok
22:27:47.0818 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:47.0833 4348 flpydisk - ok
22:27:47.0864 4348 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:27:47.0880 4348 FltMgr - ok
22:27:47.0927 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:27:47.0942 4348 FsDepends - ok
22:27:48.0067 4348 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:27:48.0067 4348 Fs_Rec - ok
22:27:48.0114 4348 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
22:27:48.0114 4348 fvevol - ok
22:27:48.0254 4348 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
22:27:48.0301 4348 FwLnk - ok
22:27:48.0348 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:27:48.0364 4348 gagp30kx - ok
22:27:48.0473 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:27:48.0488 4348 hcw85cir - ok
22:27:48.0613 4348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:27:48.0691 4348 HdAudAddService - ok
22:27:48.0738 4348 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:27:48.0738 4348 HDAudBus - ok
22:27:48.0785 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:27:48.0785 4348 HidBatt - ok
22:27:48.0816 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:27:48.0832 4348 HidBth - ok
22:27:48.0847 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:27:48.0863 4348 HidIr - ok
22:27:48.0910 4348 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:27:48.0910 4348 HidUsb - ok
22:27:49.0034 4348 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:27:49.0050 4348 HpSAMD - ok
22:27:49.0097 4348 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:27:49.0112 4348 HTTP - ok
22:27:49.0206 4348 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:27:49.0206 4348 hwpolicy - ok
22:27:49.0237 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:27:49.0253 4348 i8042prt - ok
22:27:49.0315 4348 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
22:27:49.0315 4348 iaStor - ok
22:27:49.0362 4348 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
22:27:49.0378 4348 iaStorV - ok
22:27:49.0705 4348 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:27:50.0017 4348 igfx - ok
22:27:50.0126 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:27:50.0126 4348 iirsp - ok
22:27:50.0189 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:27:50.0189 4348 intelide - ok
22:27:50.0220 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:27:50.0220 4348 intelppm - ok
22:27:50.0267 4348 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:50.0267 4348 IpFilterDriver - ok
22:27:50.0314 4348 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:27:50.0329 4348 IPMIDRV - ok
22:27:50.0376 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:27:50.0376 4348 IPNAT - ok
22:27:50.0392 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:27:50.0392 4348 IRENUM - ok
22:27:50.0423 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:27:50.0423 4348 isapnp - ok
22:27:50.0438 4348 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:27:50.0454 4348 iScsiPrt - ok
22:27:50.0470 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:50.0485 4348 kbdclass - ok
22:27:50.0501 4348 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:27:50.0516 4348 kbdhid - ok
22:27:50.0548 4348 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
22:27:50.0548 4348 KSecDD - ok
22:27:50.0594 4348 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
22:27:50.0594 4348 KSecPkg - ok
22:27:50.0641 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:27:50.0641 4348 ksthunk - ok
22:27:50.0657 4348 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:27:50.0704 4348 L1C - ok
22:27:50.0828 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:27:50.0828 4348 lltdio - ok
22:27:50.0875 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:27:50.0891 4348 LSI_FC - ok
22:27:50.0969 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:27:50.0969 4348 LSI_SAS - ok
22:27:51.0016 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:27:51.0031 4348 LSI_SAS2 - ok
22:27:51.0062 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:27:51.0078 4348 LSI_SCSI - ok
22:27:51.0203 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:27:51.0203 4348 luafv - ok
22:27:51.0390 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:27:51.0406 4348 megasas - ok
22:27:51.0452 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:27:51.0468 4348 MegaSR - ok
22:27:51.0593 4348 mfeapfk (fb752feb1ed4e660ff51712892905c04) C:\Windows\system32\drivers\mfeapfk.sys
22:27:51.0593 4348 mfeapfk - ok
22:27:51.0733 4348 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
22:27:51.0842 4348 mfeavfk - ok
22:27:51.0967 4348 mfeavfk01 - ok
22:27:52.0108 4348 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
22:27:52.0186 4348 mfefirek - ok
22:27:52.0342 4348 mfehidk (39030c98198f02a2f3a1c3166bf56253) C:\Windows\system32\drivers\mfehidk.sys
22:27:52.0451 4348 mfehidk - ok
22:27:52.0576 4348 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:27:52.0638 4348 mfenlfk - ok
22:27:52.0716 4348 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
22:27:52.0794 4348 mferkdet - ok
22:27:52.0919 4348 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
22:27:52.0997 4348 mfewfpk - ok
22:27:53.0106 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:27:53.0106 4348 Modem - ok
22:27:53.0246 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:27:53.0246 4348 monitor - ok
22:27:53.0278 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:27:53.0293 4348 mouclass - ok
22:27:53.0324 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:27:53.0340 4348 mouhid - ok
22:27:53.0434 4348 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:27:53.0434 4348 mountmgr - ok
22:27:53.0480 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\DRIVERS\mpio.sys
22:27:53.0527 4348 mpio - ok
22:27:53.0574 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:27:53.0574 4348 mpsdrv - ok
22:27:53.0652 4348 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:27:53.0668 4348 MRxDAV - ok
22:27:53.0714 4348 mrxsmb (ab5892797c4114640ba333949568de8c) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:53.0714 4348 mrxsmb - ok
22:27:53.0777 4348 mrxsmb10 (81a38f7aeeb265634b05ae5f3f29fbc4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:53.0792 4348 mrxsmb10 - ok
22:27:53.0902 4348 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:53.0902 4348 mrxsmb20 - ok
22:27:53.0948 4348 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:27:53.0964 4348 msahci - ok
22:27:54.0026 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\DRIVERS\msdsm.sys
22:27:54.0089 4348 msdsm - ok
22:27:54.0167 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:27:54.0167 4348 Msfs - ok
22:27:54.0214 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:27:54.0214 4348 mshidkmdf - ok
22:27:54.0276 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:27:54.0276 4348 msisadrv - ok
22:27:54.0416 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:27:54.0416 4348 MSKSSRV - ok
22:27:54.0463 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:54.0463 4348 MSPCLOCK - ok
22:27:54.0494 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:27:54.0510 4348 MSPQM - ok
22:27:54.0572 4348 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:27:54.0588 4348 MsRPC - ok
22:27:54.0682 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:27:54.0682 4348 mssmbios - ok
22:27:54.0728 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:27:54.0728 4348 MSTEE - ok
22:27:54.0822 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:54.0838 4348 MTConfig - ok
22:27:54.0869 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:27:54.0869 4348 Mup - ok
22:27:55.0025 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:27:55.0025 4348 NativeWifiP - ok
22:27:55.0150 4348 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:27:55.0181 4348 NDIS - ok
22:27:55.0306 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:55.0306 4348 NdisCap - ok
22:27:55.0337 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:55.0337 4348 NdisTapi - ok
22:27:55.0430 4348 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:55.0446 4348 Ndisuio - ok
22:27:55.0477 4348 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:55.0493 4348 NdisWan - ok
22:27:55.0586 4348 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:27:55.0602 4348 NDProxy - ok
22:27:55.0727 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:27:55.0727 4348 NetBIOS - ok
22:27:55.0836 4348 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:27:55.0852 4348 NetBT - ok
22:27:56.0008 4348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:27:56.0023 4348 nfrd960 - ok
22:27:56.0148 4348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:27:56.0148 4348 Npfs - ok
22:27:56.0179 4348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:27:56.0179 4348 nsiproxy - ok
22:27:56.0257 4348 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
22:27:56.0304 4348 Ntfs - ok
22:27:56.0398 4348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:27:56.0398 4348 Null - ok
22:27:56.0491 4348 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
22:27:56.0507 4348 nvraid - ok
22:27:56.0585 4348 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
22:27:56.0600 4348 nvstor - ok
22:27:56.0647 4348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:27:56.0663 4348 nv_agp - ok
22:27:56.0678 4348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:27:56.0694 4348 ohci1394 - ok
22:27:56.0756 4348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:27:56.0772 4348 Parport - ok
22:27:56.0803 4348 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:27:56.0803 4348 partmgr - ok
22:27:56.0944 4348 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:27:56.0944 4348 pci - ok
22:27:57.0068 4348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:27:57.0068 4348 pciide - ok
22:27:57.0162 4348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:57.0178 4348 pcmcia - ok
22:27:57.0287 4348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:27:57.0287 4348 pcw - ok
22:27:57.0334 4348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:27:57.0380 4348 PEAUTH - ok
22:27:57.0521 4348 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:27:57.0521 4348 PptpMiniport - ok
22:27:57.0568 4348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:27:57.0568 4348 Processor - ok
22:27:57.0646 4348 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:27:57.0646 4348 Psched - ok
22:27:57.0724 4348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:27:57.0817 4348 ql2300 - ok
22:27:57.0926 4348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:57.0926 4348 ql40xx - ok
22:27:58.0020 4348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:27:58.0020 4348 QWAVEdrv - ok
22:27:58.0129 4348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:27:58.0129 4348 RasAcd - ok
22:27:58.0192 4348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:58.0192 4348 RasAgileVpn - ok
22:27:58.0301 4348 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:58.0301 4348 Rasl2tp - ok
22:27:58.0379 4348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:58.0379 4348 RasPppoe - ok
22:27:58.0457 4348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:27:58.0457 4348 RasSstp - ok
22:27:58.0504 4348 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:27:58.0504 4348 rdbss - ok
22:27:58.0582 4348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:58.0597 4348 rdpbus - ok
22:27:58.0613 4348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:58.0628 4348 RDPCDD - ok
22:27:58.0691 4348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:27:58.0691 4348 RDPENCDD - ok
22:27:58.0738 4348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:27:58.0753 4348 RDPREFMP - ok
22:27:58.0784 4348 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:27:58.0800 4348 RDPWD - ok
22:27:58.0847 4348 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:27:58.0847 4348 rdyboost - ok
22:27:58.0972 4348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:27:58.0972 4348 rspndr - ok
22:27:59.0112 4348 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
22:27:59.0112 4348 RSUSBSTOR - ok
22:27:59.0190 4348 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:27:59.0190 4348 SASDIFSV - ok
22:27:59.0221 4348 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:27:59.0221 4348 SASKUTIL - ok
22:27:59.0346 4348 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:27:59.0346 4348 sbp2port - ok
22:27:59.0408 4348 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:27:59.0408 4348 scfilter - ok
22:27:59.0502 4348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:27:59.0502 4348 secdrv - ok
22:27:59.0642 4348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:27:59.0642 4348 Serenum - ok
22:27:59.0689 4348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:27:59.0705 4348 Serial - ok
22:27:59.0798 4348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:27:59.0798 4348 sermouse - ok
22:27:59.0892 4348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:27:59.0908 4348 sffdisk - ok
22:27:59.0923 4348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:27:59.0939 4348 sffp_mmc - ok
22:27:59.0970 4348 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:27:59.0970 4348 sffp_sd - ok
22:28:00.0017 4348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:28:00.0017 4348 sfloppy - ok
22:28:00.0095 4348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:28:00.0110 4348 SiSRaid2 - ok
22:28:00.0142 4348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:28:00.0157 4348 SiSRaid4 - ok
22:28:00.0188 4348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:28:00.0204 4348 Smb - ok
22:28:00.0251 4348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:28:00.0251 4348 spldr - ok
22:28:00.0313 4348 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
22:28:00.0313 4348 srv - ok
22:28:00.0360 4348 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
22:28:00.0376 4348 srv2 - ok
22:28:00.0391 4348 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
22:28:00.0407 4348 srvnet - ok
22:28:00.0454 4348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:28:00.0454 4348 stexstor - ok
22:28:00.0485 4348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:28:00.0500 4348 swenum - ok
22:28:00.0563 4348 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
22:28:00.0625 4348 SynTP - ok
22:28:00.0719 4348 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
22:28:00.0781 4348 Tcpip - ok
22:28:00.0922 4348 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
22:28:00.0953 4348 TCPIP6 - ok
22:28:01.0062 4348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:28:01.0078 4348 tcpipreg - ok
22:28:01.0202 4348 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:28:01.0265 4348 tdcmdpst - ok
22:28:01.0312 4348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:28:01.0312 4348 TDPIPE - ok
22:28:01.0343 4348 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:28:01.0343 4348 TDTCP - ok
22:28:01.0436 4348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:28:01.0452 4348 tdx - ok
22:28:01.0577 4348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:28:01.0592 4348 TermDD - ok
22:28:01.0795 4348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:28:01.0795 4348 tssecsrv - ok
22:28:01.0811 4348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:28:01.0826 4348 tunnel - ok
22:28:01.0936 4348 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:28:01.0982 4348 TVALZ - ok
22:28:02.0014 4348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:28:02.0029 4348 uagp35 - ok
22:28:02.0107 4348 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:28:02.0107 4348 udfs - ok
22:28:02.0216 4348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:28:02.0232 4348 uliagpkx - ok
22:28:02.0294 4348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:28:02.0294 4348 umbus - ok
22:28:02.0341 4348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:28:02.0341 4348 UmPass - ok
22:28:02.0466 4348 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:28:02.0482 4348 usbaudio - ok
22:28:02.0528 4348 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:28:02.0544 4348 usbccgp - ok
22:28:02.0638 4348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:28:02.0653 4348 usbcir - ok
22:28:02.0794 4348 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
22:28:02.0794 4348 usbehci - ok
22:28:02.0856 4348 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
22:28:02.0872 4348 usbhub - ok
22:28:02.0965 4348 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:28:02.0981 4348 usbohci - ok
22:28:02.0996 4348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:28:03.0012 4348 usbprint - ok
22:28:03.0028 4348 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:28:03.0043 4348 USBSTOR - ok
22:28:03.0074 4348 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:28:03.0074 4348 usbuhci - ok
22:28:03.0137 4348 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
22:28:03.0152 4348 usbvideo - ok
22:28:03.0293 4348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:28:03.0293 4348 vdrvroot - ok
22:28:03.0340 4348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:28:03.0355 4348 vga - ok
22:28:03.0464 4348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:28:03.0464 4348 VgaSave - ok
22:28:03.0511 4348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:28:03.0527 4348 vhdmp - ok
22:28:03.0542 4348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:28:03.0558 4348 viaide - ok
22:28:03.0589 4348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\DRIVERS\volmgr.sys
22:28:03.0620 4348 volmgr - ok
22:28:03.0667 4348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:28:03.0667 4348 volmgrx - ok
22:28:03.0698 4348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:28:03.0714 4348 volsnap - ok
22:28:03.0745 4348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:28:03.0761 4348 vsmraid - ok
22:28:03.0776 4348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:28:03.0776 4348 vwifibus - ok
22:28:03.0792 4348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:28:03.0792 4348 vwififlt - ok
22:28:03.0808 4348 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:28:03.0808 4348 vwifimp - ok
22:28:03.0932 4348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:28:03.0948 4348 WacomPen - ok
22:28:03.0995 4348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:28:03.0995 4348 WANARP - ok
22:28:04.0010 4348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:28:04.0010 4348 Wanarpv6 - ok
22:28:04.0073 4348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:28:04.0088 4348 Wd - ok
22:28:04.0182 4348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:28:04.0213 4348 Wdf01000 - ok
22:28:04.0291 4348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:28:04.0291 4348 WfpLwf - ok
22:28:04.0354 4348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:28:04.0354 4348 WIMMount - ok
22:28:04.0541 4348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:28:04.0556 4348 WmiAcpi - ok
22:28:04.0697 4348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:28:04.0697 4348 ws2ifsl - ok
22:28:04.0837 4348 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:28:04.0853 4348 WudfPf - ok
22:28:04.0900 4348 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:28:04.0915 4348 WUDFRd - ok
22:28:04.0978 4348 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
22:28:04.0993 4348 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:28:04.0993 4348 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
22:28:05.0009 4348 Boot (0x1200) (dbd42ea87640ddff4ad85ad6db47d148) \Device\Harddisk0\DR0\Partition0
22:28:05.0009 4348 \Device\Harddisk0\DR0\Partition0 - ok
22:28:05.0024 4348 Boot (0x1200) (68940da91f4f91d95be816d03b3032c6) \Device\Harddisk0\DR0\Partition1
22:28:05.0024 4348 \Device\Harddisk0\DR0\Partition1 - ok
22:28:05.0024 4348 ============================================================
22:28:05.0024 4348 Scan finished
22:28:05.0024 4348 ============================================================
22:28:05.0040 2264 Detected object count: 1
22:28:05.0040 2264 Actual detected object count: 1
22:29:01.0231 2264 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
22:29:01.0231 2264 \Device\Harddisk0\DR0 - ok
22:29:01.0231 2264 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
22:29:20.0653 4720 Deinitialize success
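The two disk lines at the end of the TDSSKiller log above are the ones that matter: the scanner hashes the bootstrap code of sector 0 ("MBR (0x1B8)") and the boot area of each partition ("Boot (0x1200)"), and the MBR hash is what it flagged as Rootkit.Win32.TDSS.tdl4. TDL4 overwrites the MBR bootstrap code and keeps its own encrypted file system in unpartitioned space at the end of the disk, which is why a clean-looking partition table and a healthy file system on C: tell you nothing. The script below is an added example, not TDSSKiller's code and not from the thread: it parses a constructed 512-byte MBR, hashes the bootstrap region, reads the partition table and reports the checks a practitioner would want (baseline hash mismatch, missing boot signature, no bootable partition, a large unallocated tail). The reading of 0x1B8 as "440 bytes of bootstrap code before the 4-byte disk signature", the 1 MiB tail threshold and the sample MBR contents are this example's assumptions.

```python
"""Inspect a raw 512-byte MBR with the checks a TDL4-style MBR rootkit scan relies on.

Added example; not TDSSKiller's code. The sample MBR is constructed below.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # assumption: "MBR (0x1B8)" = bytes of bootstrap code that get hashed
DISK_SIG_OFF = 0x1B8           # 4-byte NT disk signature follows the bootstrap code
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"
TAIL_THRESHOLD_BYTES = 1 << 20  # assumption: more than 1 MiB unallocated at the disk end is worth a look


def parse_mbr(mbr: bytes) -> dict:
    """Bootstrap-code hash, disk signature, boot-signature validity and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        # status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "valid_signature": mbr[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def unpartitioned_tail_sectors(parsed: dict, total_sectors: int) -> int:
    """Sectors after the last partition ends: the space a TDL4 hidden file system lives in."""
    last_end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(total_sectors - last_end, 0)


def assess(parsed: dict, total_sectors: int, baseline_code_md5: str = "") -> list:
    """Findings as strings; an empty list means nothing suspicious under these checks."""
    findings = []
    if not parsed["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if baseline_code_md5 and parsed["code_md5"] != baseline_code_md5:
        findings.append("bootstrap code hash differs from baseline")
    if not any(p["bootable"] for p in parsed["partitions"]):
        findings.append("no partition flagged bootable")
    tail = unpartitioned_tail_sectors(parsed, total_sectors)
    if tail * SECTOR > TAIL_THRESHOLD_BYTES:
        findings.append(f"{tail} unpartitioned sectors ({tail * SECTOR // (1 << 20)} MiB) at end of disk")
    return findings


def build_sample_mbr(boot_code: bytes = b"\xEB\xFE") -> bytes:
    """Constructed MBR: a jump-to-self stub as bootstrap code, a disk signature,
    a bootable NTFS system partition and one NTFS data partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entries = (
        struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
        + struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 1000000)
        + bytes(PART_ENTRY_LEN * 2)
    )
    mbr = code + disk_sig + entries + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    # constructed "patched" bootstrap code standing in for an overwritten MBR
    suspect = parse_mbr(build_sample_mbr(b"\x90\x90\xEB\xFE"))
    for name, parsed in (("clean", clean), ("suspect", suspect)):
        print(name, parsed["code_md5"], assess(parsed, 1_300_000, clean["code_md5"]))
```

On a live Windows host the 512 bytes come from reading the start of `\\.\PhysicalDrive0` as Administrator, and the baseline hash has to come from a known-clean image of the same disk or the same OS build; a hash with no baseline only tells you the MBR changed between two of your own scans, which is still the signal that matters after a "will be cured on reboot" action.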

#4 boopme

Posted 28 September 2011 - 08:06 PM

OK, that was a big find for your issue. You need a reboot after that if you have not.
We need to update some things and run another scan to be sure.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it. (The box on the download page reads: "Free! Google Toolbar: search Google from any web page, block pop-ups" / "Yes, install Google Toolbar - optional".)




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

>>>
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 amedcalf (Topic Starter)

Posted 29 September 2011 - 05:53 AM

Hi again boopme,

I would first like to thank you for taking the time to help me out.

Below are the results.

Malwarebytes results :-

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7826

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/09/2011 10:17:03
mbam-log-2011-09-29 (10-17-03).txt

Scan type: Quick scan
Objects scanned: 178041
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
c:\Users\HOME\AppData\Roaming\Ikagta\utuwa.exe (Backdoor.IRCBot) -> 112 -> Unloaded process successfully.
c:\Windows\Temp\0.20194772804402084.exe (Exploit.Drop.2) -> 3792 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6A8D9B28-6B09-EB41-A044-E3E751CB0EA7} (Backdoor.IRCBot) -> Value: {6A8D9B28-6B09-EB41-A044-E3E751CB0EA7} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Exploit.Drop.2) -> Value: MozillaAgent -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\syte821.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\HOME\AppData\Roaming\Ikagta\utuwa.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache3427734229197704072.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache7096625464396233248.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.08241380363631523.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.08418998465607486.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.13208959603660175.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.17902142200956606.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.20194772804402084.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.29179472850956867.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.30254475383452306.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.1968631581892224.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.2575560816411192.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4119161616917274.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4202383197649274.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4864560624751547.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5182567333907974.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5250268473518601.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5751637760009051.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5864442011119684.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5897859097987395.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.6589358195100744.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.7185486238069022.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8485309414305497.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.9987058496049042.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.842968008924086.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


ESET Result :-

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wufa.exe a variant of Win32/Kryptik.TFZ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2950ec10-14037227 a variant of Win32/Kryptik.TIH trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\60f263a7-50147ad8 Java/Agent.DP trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\39c350eb-5d6f73de probably a variant of Java/Agent.DP trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\39c350eb-62979fc6 probably a variant of Java/Agent.DP trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\4be1d4f3-11ebb3cc probably a variant of Java/Agent.DP trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\545adf9-13d5bc9b a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\545adf9-2854d0aa a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache1472643676381761689.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache2513001834201911738.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache3601625606341178293.tmp a variant of Win32/Kryptik.TIH trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache3919806733068101070.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache4016210417323633064.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache4996666613615011378.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache5797016116078095332.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache7569856441589789402.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
C:\Windows\Temp\jar_cache9014030269085811185.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined

#6 boopme

Posted 29 September 2011 - 09:08 PM

OK, this looks good now. How is it running? I have a concern for you to consider

(Trojan.SpyEyes)
This has stolen your passwords, and so have these, but these are more dangerous.
c:\Users\HOME\AppData\Roaming\Ikagta\utuwa.exe (Backdoor.IRCBot) ->
c:\Windows\Temp\jar_cache3427734229197704072.tmp (Backdoor.Bot)

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
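The triage in the post above is a mapping from detection family to consequence: a SpyEye component means the passwords typed on this machine are gone, a backdoor means the host cannot be trusted, and the Java deployment cache and jar_cache entries show the infection vector was an outdated Java plug-in. That mapping can be applied mechanically to the scan output so that nothing in a long log gets overlooked. The script below is an added example, not code from Malwarebytes, ESET or BleepingComputer: it extracts path and family from detection lines in both log formats seen in this thread, buckets each detection, and orders the follow-up actions by urgency. The sample lines are copied from the logs posted earlier in the thread; the regular expressions, the category names, the classification rules and the advice text are this example's own choices.

```python
"""Triage Malwarebytes (MBAM) and ESET Online Scanner log lines by what each detection
means for the victim.

Added example; not MBAM's, ESET's or BleepingComputer's code. Sample lines are copied
from the logs posted in this thread; rules and advice text are this example's own.
"""
import re
from collections import Counter

# MBAM detection line: "<path> (<Family>) -> ..."; the path is a drive path or a registry key.
MBAM_LINE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HKEY_)[^()\n]+?)[ \t]+\((?P<family>[^)]+)\)[ \t]+->", re.M)
# ESET detection line: "<path> [probably ][a variant of ]<Family> trojan ..."; paths may contain spaces.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)[ \t]+(?:probably[ \t]+)?(?:a variant of[ \t]+)?(?P<family>[\w/.]+)[ \t]+trojan",
    re.M)
# Locations written by the Java plug-in when an applet or JAR is run from a web page.
JAVA_CACHE = re.compile(r"jar_cache|\\Sun\\Java\\Deployment\\cache\\", re.I)

# Severity order doubles as the order in which the victim should act.
CATEGORIES = ["credential_theft", "backdoor", "java_exploit_chain", "other_trojan"]
ADVICE = {
    "credential_theft": "Passwords used on this machine are compromised: change them from a clean device and tell your bank.",
    "backdoor": "Remote control was possible: treat every file and account on the host as exposed; reinstall is the safe option.",
    "java_exploit_chain": "The infection vector is an old Java plug-in: remove old JREs and update before going back online.",
    "other_trojan": "Generic trojan component: re-scan after cleanup and check persistence (Startup folder, Run keys).",
}

SAMPLE_MBAM = r"""
c:\Users\HOME\AppData\Roaming\Ikagta\utuwa.exe (Backdoor.IRCBot) -> 112 -> Unloaded process successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Exploit.Drop.2) -> Value: MozillaAgent -> Quarantined and deleted successfully.
c:\syte821.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache3427734229197704072.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.20194772804402084.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
""".strip()

SAMPLE_ESET = r"""
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wufa.exe a variant of Win32/Kryptik.TFZ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\60f263a7-50147ad8 Java/Agent.DP trojan deleted - quarantined
C:\Windows\Temp\jar_cache1472643676381761689.tmp a variant of Win32/Kryptik.TFI trojan cleaned by deleting - quarantined
""".strip()


def parse_logs(text: str) -> list:
    """Detections from either log format as dicts with tool, path and family."""
    found = [{"tool": "mbam", "path": m["path"], "family": m["family"]} for m in MBAM_LINE.finditer(text)]
    found += [{"tool": "eset", "path": m["path"], "family": m["family"]} for m in ESET_LINE.finditer(text)]
    return found


def categorize(det: dict) -> str:
    """Family name first, then location: a Backdoor.* dropped via Java is still a backdoor."""
    fam, path = det["family"], det["path"]
    if re.search(r"backdoor", fam, re.I):
        return "backdoor"
    if re.search(r"spyeye", fam, re.I):
        return "credential_theft"
    if fam.startswith("Java/") or fam.startswith("Exploit.Drop") or JAVA_CACHE.search(path):
        return "java_exploit_chain"
    return "other_trojan"


def triage(detections: list) -> Counter:
    return Counter(categorize(d) for d in detections)


def recommendations(counts: Counter) -> list:
    """(category, count, advice) for every category seen, most urgent first."""
    return [(c, counts[c], ADVICE[c]) for c in CATEGORIES if counts[c]]


if __name__ == "__main__":
    for category, count, advice in recommendations(triage(parse_logs(SAMPLE_MBAM + "\n" + SAMPLE_ESET))):
        print(f"{category:20} x{count}: {advice}")
```

Run it over a full MBAM or ESET log saved to disk and the three questions in the post above (were credentials stolen, was there a backdoor, what let it in) come back as the first three lines of output; the "other_trojan" bucket is the one to read by hand, since a Kryptik file in the Startup folder is persistence, not a leftover.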

#7 amedcalf (Topic Starter)

Posted 30 September 2011 - 04:30 AM

It's running really well now, all Windows updates are going through and it no longer shuts down.

Starts up fine as well.

The two programs you mentioned

c:\Users\HOME\AppData\Roaming\Ikagta\utuwa.exe (Backdoor.IRCBot) ->
c:\Windows\Temp\jar_cache3427734229197704072.tmp (Backdoor.Bot)

had been trying to access the computer but McAfee was blocking them from sending and receiving. Don't know if this has made any difference.

I did get an email from ebay saying about unusual activity and they made me change my password. Will have to go to bank and let them know though.

Think I may go with trying to clean this computer as I cannot afford to change it.

Thanks Allan

#8 boopme

Posted 30 September 2011 - 10:21 AM

Hello, that's a good thing that it was blocked. Just to be clear, it's not changing the PC, it's reinstalling the OS, free.

You still have 2 security flaws to update. Java and Adobe Reader.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it. (The box on the download page reads: "Free! Google Toolbar: search Google from any web page, block pop-ups" / "Yes, install Google Toolbar - optional".)




After all that is done you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#9 amedcalf (Topic Starter)

Posted 30 September 2011 - 10:56 AM

Hi,

New restore point done and all old ones have been deleted.

Java and Adobe have been updated.

Is there anything else that will need to be done.

Thanks so much for all your help on this, I really appreciate the time you have taken to help me. (my kids say a big thank you as well :) )

#10 boopme

Posted 30 September 2011 - 03:16 PM

Send me a fresh baked carrot cake.. :woot:

Looks good here. Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#11 amedcalf (Topic Starter)

Posted 30 September 2011 - 05:41 PM

Restore point created and old ones are history.

:)

If you lived closer I would send you a carrot cake :)

Will there be any need to re-install windows ?

#12 boopme

Posted 01 October 2011 - 08:58 PM

Hello, it all looks good now. If I didn't say it earlier, change all passwords and you are OK.

#13 amedcalf (Topic Starter)

Posted 04 October 2011 - 11:09 AM

Thanks soo much for all your help.

I appreciate the time you have taken to help sort out my problem.

If only I was able to help people out the same way you do.

Thanks again



