
Google Re-Directs & Bits of System Check left over


9 replies to this topic

#1 Sausages

Sausages

  • Members
  • 5 posts

Posted 08 February 2012 - 06:07 PM

Hi,

I have just had the System Check virus. After reading some generic help I have been through unhide.exe, MBAM, AVG scan, super-antispyware scan, rkill & tdss tool. Something hasn't worked though, as I'm still getting Google redirects and MBAM keeps flagging that it's had to block an IP address from accessing the computer etc. Also issues shutting down Windows properly. MBAM is showing a clean slate after the last two full scans. Running XP.

What should I try next?

Thanks in advance!

Edited by Sausages, 08 February 2012 - 06:10 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 06:29 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 Sausages

Sausages
  • Topic Starter

  • Members
  • 5 posts

Posted 10 February 2012 - 11:59 AM

Thanks! TDSS killer made a detection. Google redirects seem to have stopped. Computer seems to have an issue still with shutting down - it freezes on the "logging out" action. My free trial of the live protection feature on MBAM has just ended so I can't see whether it is still frequently blocking IP addresses...

Here are the logs:

20:22:26.0718 3192 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
20:22:27.0093 3192 ============================================================
20:22:27.0093 3192 Current date / time: 2012/02/09 20:22:27.0093
20:22:27.0093 3192 SystemInfo:
20:22:27.0093 3192
20:22:27.0093 3192 OS Version: 5.1.2600 ServicePack: 3.0
20:22:27.0093 3192 Product type: Workstation
20:22:27.0093 3192 ComputerName: PC1
20:22:27.0093 3192 UserName: (xxxxxxx)
20:22:27.0093 3192 Windows directory: C:\WINDOWS
20:22:27.0093 3192 System windows directory: C:\WINDOWS
20:22:27.0093 3192 Processor architecture: Intel x86
20:22:27.0093 3192 Number of processors: 2
20:22:27.0093 3192 Page size: 0x1000
20:22:27.0093 3192 Boot type: Normal boot
20:22:27.0093 3192 ============================================================
20:22:28.0828 3192 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:22:28.0906 3192 \Device\Harddisk0\DR0:
20:22:28.0906 3192 MBR used
20:22:28.0906 3192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:22:28.0953 3192 Initialize success
20:22:28.0953 3192 ============================================================
20:23:23.0812 2088 ============================================================
20:23:23.0812 2088 Scan started
20:23:23.0812 2088 Mode: Manual; TDLFS;
20:23:23.0812 2088 ============================================================
20:23:34.0468 2088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:23:34.0531 2088 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:23:34.0531 2088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:23:34.0562 2088 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:23:34.0562 2088 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:23:34.0578 2088 Boot (0x1200) (989f7ad12007221a07b289fcc2b16f63) \Device\Harddisk0\DR0\Partition0
20:23:34.0578 2088 \Device\Harddisk0\DR0\Partition0 - ok
20:23:34.0578 2088 ============================================================
20:23:34.0578 2088 Scan finished
20:23:34.0578 2088 ============================================================
20:23:34.0593 3524 Detected object count: 2
20:23:34.0593 3524 Actual detected object count: 2
20:24:16.0812 3524 \Device\Harddisk0\DR0\# - copied to quarantine
20:24:16.0812 3524 \Device\Harddisk0\DR0 - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:24:16.0859 3524 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:24:16.0875 3524 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:24:16.0875 3524 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:24:16.0875 3524 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:24:16.0875 3524 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:24:16.0875 3524 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:24:16.0890 3524 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:24:16.0890 3524 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:24:16.0906 3524 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:24:16.0906 3524 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:24:16.0906 3524 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
20:24:16.0937 3524 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
20:24:16.0953 3524 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
20:24:17.0000 3524 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
20:24:17.0453 3524 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
20:24:17.0468 3524 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
20:24:17.0468 3524 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
20:24:17.0531 3524 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
20:24:17.0578 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:24:17.0578 3524 \Device\Harddisk0\DR0 - ok
20:24:17.0734 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:24:17.0734 3524 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:24:17.0734 3524 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

-------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-10 08:09:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 ST3160812AS rev.3.AAE
Running: l5hekvp9.exe; Driver: C:\DOCUME~1\(xxxxxxx)\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7669F3C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA5A2640]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA766A080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA766A11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB70E5000, 0x2A12DC, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 08:08:30
-----------------------------
08:08:30.421 OS Version: Windows 5.1.2600 Service Pack 3
08:08:30.421 Number of processors: 2 586 0x4B02
08:08:30.421 ComputerName: PC1 UserName:
08:08:30.843 Initialize success
08:17:10.406 AVAST engine defs: 12020903
08:18:28.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
08:18:28.046 Disk 0 Vendor: ST3160812AS 3.AAE Size: 152627MB BusType: 3
08:18:28.109 Disk 0 MBR read successfully
08:18:28.109 Disk 0 MBR scan
08:18:28.156 Disk 0 Windows XP default MBR code
08:18:28.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
08:18:28.187 Disk 0 scanning sectors +312560640
08:18:28.468 Disk 0 scanning C:\WINDOWS\system32\drivers
08:19:01.171 Service scanning
08:19:02.046 Modules scanning
08:19:21.390 Disk 0 trace - called modules:
08:19:21.421
08:19:21.828 AVAST engine scan C:\WINDOWS
08:19:52.234 AVAST engine scan C:\WINDOWS\system32
08:23:52.859 AVAST engine scan C:\WINDOWS\system32\drivers
08:24:17.515 AVAST engine scan C:\Documents and Settings\(xxxxxxx)
10:42:53.968 AVAST engine scan C:\Documents and Settings\All Users
10:43:38.468 Scan finished successfully
16:40:07.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\(xxxxxxx)\Desktop\MBR.dat"
16:40:07.109 The log file has been saved successfully to "C:\Documents and Settings\(xxxxxxx)\Desktop\aswMBR.txt"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 February 2012 - 12:21 AM

I want you to run TDSSkiller once again

DELETE -TDSSfilesystem-do not skip it

Post the TDSSkiller log

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Sausages

Posted 11 February 2012 - 09:37 AM

Thanks again. This time TDSSK didn't detect anything so no option to delete, skip, quarantine etc.? Nothing unusual to report during any of the scans. Here are the logs you requested:

TDSSK:

12:41:52.0390 2952 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
12:41:52.0875 2952 ============================================================
12:41:52.0875 2952 Current date / time: 2012/02/11 12:41:52.0875
12:41:52.0875 2952 SystemInfo:
12:41:52.0875 2952
12:41:52.0875 2952 OS Version: 5.1.2600 ServicePack: 3.0
12:41:52.0875 2952 Product type: Workstation
12:41:52.0875 2952 ComputerName: PC1
12:41:52.0890 2952 UserName: (********)
12:41:52.0890 2952 Windows directory: C:\WINDOWS
12:41:52.0890 2952 System windows directory: C:\WINDOWS
12:41:52.0890 2952 Processor architecture: Intel x86
12:41:52.0890 2952 Number of processors: 2
12:41:52.0890 2952 Page size: 0x1000
12:41:52.0890 2952 Boot type: Normal boot
12:41:52.0890 2952 ============================================================
12:41:54.0031 2952 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:41:54.0093 2952 \Device\Harddisk0\DR0:
12:41:54.0093 2952 MBR used
12:41:54.0093 2952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:41:54.0125 2952 Initialize success
12:41:54.0125 2952 ============================================================
12:41:58.0468 3180 ============================================================
12:41:58.0468 3180 Scan started
12:41:58.0468 3180 Mode: Manual; TDLFS;
12:41:58.0468 3180 ============================================================
12:42:04.0968 3180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:42:05.0234 3180 \Device\Harddisk0\DR0 - ok
12:42:05.0234 3180 Boot (0x1200) (989f7ad12007221a07b289fcc2b16f63) \Device\Harddisk0\DR0\Partition0
12:42:05.0234 3180 \Device\Harddisk0\DR0\Partition0 - ok
12:42:05.0234 3180 ============================================================
12:42:05.0234 3180 Scan finished
12:42:05.0234 3180 ============================================================
12:42:05.0250 3160 Detected object count: 0
12:42:05.0250 3160 Actual detected object count: 0



-----------------------------------------------------------------------------------------------------------------------------

ESET results:


C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.YOB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.02.2012_20.22.27\mbr0000\tdlfs0000\tsk0018.dta a variant of Win32/Kryptik.ZQI trojan cleaned by deleting - quarantined



----------------------------------------------------------------------------------------------------------------------------------------------------------------


Mini Toolbox results:


MiniToolBox by Farbar Version: 18-01-2012
Ran by (*******) (administrator) on 11-02-2012 at 14:24:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
TP-LINK Wireless N Adapter = Wireless Network Connection 2 (Connected)
Generic Marvell Yukon Chipset based Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pc1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Generic Marvell Yukon Chipset based Ethernet Controller

Physical Address. . . . . . . . . : 00-19-21-5C-45-15



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : TP-LINK Wireless N Adapter

Physical Address. . . . . . . . . : 74-EA-3A-8F-29-DE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.107

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 11 February 2012 12:36:24

Lease Expires . . . . . . . . . . : 12 February 2012 12:36:24

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.66.147, 173.194.66.99, 173.194.66.103, 173.194.66.104
173.194.66.105, 173.194.66.106



Pinging google.com [209.85.147.105] with 32 bytes of data:



Reply from 209.85.147.105: bytes=32 time=55ms TTL=54

Reply from 209.85.147.105: bytes=32 time=57ms TTL=54



Ping statistics for 209.85.147.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 57ms, Average = 56ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=145ms TTL=44

Reply from 98.139.183.24: bytes=32 time=161ms TTL=45



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 145ms, Maximum = 161ms, Average = 153ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Reply from 127.0.0.1: bytes=32 time=-5ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 5ms, Maximum = -5ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 21 5c 45 15 ...... Generic Marvell Yukon Chipset based Ethernet Controller - Packet Scheduler Miniport
0x10004 ...74 ea 3a 8f 29 de ...... TP-LINK Wireless N Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.107 192.168.1.107 20
192.168.1.0 255.255.255.0 192.168.1.107 192.168.1.107 20
192.168.1.107 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.107 192.168.1.107 20
224.0.0.0 240.0.0.0 192.168.1.107 192.168.1.107 20
255.255.255.255 255.255.255.255 192.168.1.107 2 1
255.255.255.255 255.255.255.255 192.168.1.107 192.168.1.107 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2012 10:47:20 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 8.0.0.4325, faulting module unknown, version 0.0.0.0, fault address 0x00c08c67.
Processing media-specific event for [firefox.exe!ws!]

Error: (02/08/2012 10:46:43 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 8.0.0.4325, faulting module unknown, version 0.0.0.0, fault address 0x00c08c67.
Processing media-specific event for [firefox.exe!ws!]

Error: (02/05/2012 09:05:22 PM) (Source: MsiInstaller) (User: (*******))(*******)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/05/2012 09:05:19 PM) (Source: MsiInstaller) (User: (*******))(*******)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.

Error: (01/20/2012 08:17:21 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0001055f.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/10/2012 11:28:48 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00036dab.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/10/2012 09:42:09 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/10/2012 08:23:09 PM) (Source: Application Error) (User: )
Description: Faulting application services.exe, version 5.1.2600.5755, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00065848.
Processing media-specific event for [services.exe!ws!]

Error: (01/10/2012 08:22:06 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003729b.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/10/2012 03:04:40 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (02/09/2012 08:14:54 PM) (Source: System Error) (User: )
Description: Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Error: (02/09/2012 08:13:47 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (02/09/2012 08:13:47 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (02/09/2012 08:13:46 PM) (Source: DCOM) (User: (*******))
Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (02/09/2012 08:12:44 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/09/2012 08:10:50 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.107 on the
Network Card with network address 74EA3A8F29DE.

Error: (02/05/2012 09:09:38 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (02/05/2012 09:09:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (02/05/2012 09:05:29 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8024002d: Office 2003 Service Pack 3 (SP3).

Error: (01/10/2012 03:04:45 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8024002d: Office 2003 Service Pack 3 (SP3).


Microsoft Office Sessions:
=========================
Error: (02/08/2012 10:47:20 PM) (Source: Application Error)(User: )
Description: firefox.exe8.0.0.4325unknown0.0.0.000c08c67

Error: (02/08/2012 10:46:43 PM) (Source: Application Error)(User: )
Description: firefox.exe8.0.0.4325unknown0.0.0.000c08c67

Error: (02/05/2012 09:05:22 PM) (Source: MsiInstaller)(User: (*******))(*******)
Description: Microsoft Office Professional Edition 2003Office 2003 Service Pack 3 (SP3): MAINSP31603(NULL)

Error: (02/05/2012 09:05:19 PM) (Source: MsiInstaller)(User: (*******))(*******)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.(NULL)(NULL)(NULL)

Error: (01/20/2012 08:17:21 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.60550001055f

Error: (01/10/2012 11:28:48 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.605500036dab

Error: (01/10/2012 09:42:09 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (01/10/2012 08:23:09 PM) (Source: Application Error)(User: )
Description: services.exe5.1.2600.5755kernel32.dll5.1.2600.578100065848

Error: (01/10/2012 08:22:06 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.60550003729b

Error: (01/10/2012 03:04:40 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Office 2003 Service Pack 3 (SP3): MAINSP31603(NULL)


=========================== Installed Programs ============================

µTorrent (Version: 2.0.4)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9 (Version: 9.0.0)
AMD APP SDK Runtime (Version: 2.4.650.9)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO Codecs (Version: 10.0.0.40103)
ATI Catalyst Install Manager (Version: 3.0.829.0)
ATI Problem Report Wizard (Version: 3.0.812.0)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0524.2259.39378)
Catalyst Control Center Graphics Previews Common (Version: 2011.0524.2259.39378)
Catalyst Control Center InstallProxy (Version: 2011.0524.2259.39378)
ccc-utility (Version: 2011.0524.2259.39378)
CCC Help English (Version: 2011.0524.2258.39378)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.1.5.0)
EPSON Easy Photo Print (Version: 1.2.2.0)
EPSON File Manager (Version: 1.1.0.0)
EPSON Image Clip Palette (Version: 1.02.00)
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Web-To-Page
ESDX3800 User's Guide
ESET Online Scanner v3
Facebook Plug-In
Football Manager 2010 (Version: 10.0.0.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.005)
HTC Sync (Version: 3.0.5517)
iTunes (Version: 10.5.0.142)
Korean Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE (Version: 3.0.89.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.19.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 8.0 (x86 en-GB) (Version: 8.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nikon Message Center 2 (Version: 2.0.1)
Nikon Movie Editor (Version: 2.2.1)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Panorama Perfect Lite version 1.6.2 (Version: 1.6.2)
Picture Control Utility (Version: 1.3.0)
PIF DESIGNER
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: )
Remote Control USB Driver (Version: 2.3.2.317)
Samsung RAW Converter 3 (Version: 3)
Sky Broadband (Version: 1.0.0)
Sky Broadband Browser Branding (Version: 1.0.0)
SopCast 3.2.9 (Version: 3.2.9)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1142)
TP-LINK Wireless Client Utility (Version: 2.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Veetle TV 0.9.18 (Version: 0.9.18)
ViewNX 2 (Version: 2.2.1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 2047.48 MB
Available physical RAM: 1433.71 MB
Total Pagefile: 5986.44 MB
Available Pagefile: 5205.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:41.14 GB) NTFS

========================= Users: ========================================

User accounts for \\PC1

Administrator Guest HelpAssistant
(*******) SUPPORT_388945a0 UpdatusUser


**** End of log ****

#6 narenxp

Posted 11 February 2012 - 09:56 AM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#7 Sausages

Posted 11 February 2012 - 10:06 AM

Not sure if this was of concern/interest to you anyway - so ignore if it's not. But to explain one of the errors shown in the mini toolbox results:
Error: (02/05/2012 09:05:19 PM) (Source: MsiInstaller) (User: (*******))(*******)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.

It seems I'm missing a file (pro11.msi) that it needs to install SP3. It's pointing to a network address at work where it is licensed to and this home computer is not part of that network. So I don't think it's an 'issue' as such.

Sorry - just seen your new post. Will get onto that now.... (thanks)

#8 narenxp

Posted 11 February 2012 - 10:29 AM

:thumbup2:

#9 Sausages

Posted 11 February 2012 - 12:09 PM

Computer seems great now, including the power down issue. Really appreciate your help on this, it's good that some people spend their time and technical knowledge on doing some good!

One question, what antivirus/anti malware products do you recommend? Preferably free, I've currently got AVG and MBAM but I don't think the free version of MBAM gives live protection? Also have free SAS but again, not sure if I'm missing something? I'm looking for a combination of programs that will give me solid protection.

Thanks again.

#10 narenxp

Posted 11 February 2012 - 04:03 PM

Thanks for your appreciation :)

AVG and MBAM work great

Update AVG and run scans with SUPERAntiSpyware and MBAM frequently

Good luck



