
Which virus do I have?


3 replies to this topic

#1 neon_crossing

Posted 08 April 2012 - 10:21 PM

Hi, I think I am infected with malware.
I cannot identify which virus it might be.
Whenever I try to install any antivirus software 'Malwarebytes/Spybot/Hijackthis' it comes up saying 'memory is too full'.

Any idea which malware virus this might be and also any idea on how to attack the problem of not being able to install any of those programs?

cheers,

-NC


#2 boopme

Posted 08 April 2012 - 10:24 PM

Hello and welcome... let's try these:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.





Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#3 neon_crossing

Posted 10 April 2012 - 06:59 AM

MiniToolBox:


MiniToolBox by Farbar Version: 18-01-2012
Ran by BG (administrator) on 10-04-2012 at 21:15:55
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


TDSSKiller Log:


21:19:35.0656 1920 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
21:19:35.0656 1920 ============================================================
21:19:35.0656 1920 Current date / time: 2012/04/10 21:19:35.0656
21:19:35.0656 1920 SystemInfo:
21:19:35.0656 1920
21:19:35.0656 1920 OS Version: 5.1.2600 ServicePack: 3.0
21:19:35.0656 1920 Product type: Workstation
21:19:35.0656 1920 ComputerName: CRAIBREN
21:19:35.0656 1920 UserName: BG
21:19:35.0656 1920 Windows directory: C:\WINDOWS
21:19:35.0656 1920 System windows directory: C:\WINDOWS
21:19:35.0656 1920 Processor architecture: Intel x86
21:19:35.0656 1920 Number of processors: 2
21:19:35.0656 1920 Page size: 0x1000
21:19:35.0656 1920 Boot type: Safe boot with network
21:19:35.0656 1920 ============================================================
21:19:37.0015 1920 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:19:37.0015 1920 Drive \Device\Harddisk3\DR4 - Size: 0x3D9080000 (15.39 Gb), SectorSize: 0x200, Cylinders: 0x7D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:19:37.0015 1920 \Device\Harddisk0\DR0:
21:19:37.0015 1920 MBR used
21:19:37.0015 1920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
21:19:37.0015 1920 \Device\Harddisk3\DR4:
21:19:37.0031 1920 MBR used
21:19:37.0031 1920 \Device\Harddisk3\DR4\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1EC6400
21:19:37.0046 1920 Initialize success
21:19:37.0046 1920 ============================================================
21:19:38.0109 1936 ============================================================
21:19:38.0109 1936 Scan started
21:19:38.0109 1936 Mode: Manual;
21:19:38.0109 1936 ============================================================
21:19:46.0906 1936 usbuhci - ok
21:19:46.0921 1936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:19:46.0921 1936 VgaSave - ok
21:19:46.0937 1936 ViaIde - ok
21:19:46.0968 1936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:19:46.0968 1936 VolSnap - ok
21:19:47.0000 1936 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:19:47.0000 1936 VSS - ok
21:19:47.0031 1936 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
21:19:47.0031 1936 W32Time - ok
21:19:47.0062 1936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:47.0062 1936 Wanarp - ok
21:19:47.0109 1936 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:19:47.0109 1936 Wdf01000 - ok
21:19:47.0125 1936 WDICA - ok
21:19:47.0156 1936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:19:47.0156 1936 wdmaud - ok
21:19:47.0187 1936 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:19:47.0203 1936 WebClient - ok
21:19:47.0234 1936 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:19:47.0234 1936 winmgmt - ok
21:19:47.0296 1936 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
21:19:47.0296 1936 WmdmPmSN - ok
21:19:47.0328 1936 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:19:47.0343 1936 WmiApSrv - ok
21:19:47.0359 1936 WSearch - ok
21:19:47.0421 1936 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:19:47.0421 1936 wuauserv - ok
21:19:47.0453 1936 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:19:47.0453 1936 WZCSVC - ok
21:19:47.0484 1936 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:19:47.0484 1936 xmlprov - ok
21:19:47.0531 1936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:19:47.0640 1936 \Device\Harddisk0\DR0 - ok
21:19:47.0640 1936 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR4
21:19:47.0656 1936 \Device\Harddisk3\DR4 - ok
21:19:47.0671 1936 Boot (0x1200) (525d9c8b331f55740c6c5df5c921a881) \Device\Harddisk0\DR0\Partition0
21:19:47.0671 1936 \Device\Harddisk0\DR0\Partition0 - ok
21:19:47.0687 1936 Boot (0x1200) (70f3a0b4f8d6b2efcf34e5584fbe86c4) \Device\Harddisk3\DR4\Partition0
21:19:47.0687 1936 \Device\Harddisk3\DR4\Partition0 - ok
21:19:47.0703 1936 ============================================================
21:19:47.0703 1936 Scan finished
21:19:47.0703 1936 ============================================================
21:19:47.0734 1928 Detected object count: 0
21:19:47.0734 1928 Actual detected object count: 0

aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 21:23:25
-----------------------------
21:23:25.703 OS Version: Windows 5.1.2600 Service Pack 3
21:23:25.703 Number of processors: 2 586 0x170A
21:23:25.703 ComputerName: CRAIBREN UserName: BG
21:23:26.359 Initialize success
21:23:47.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:23:47.343 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
21:23:47.359 Disk 0 MBR read successfully
21:23:47.375 Disk 0 MBR scan
21:23:47.390 Disk 0 Windows XP default MBR code
21:23:47.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
21:23:47.421 Disk 0 scanning sectors +268414020
21:23:47.484 Disk 0 scanning C:\WINDOWS\system32\drivers
21:23:51.828 Service scanning
21:23:57.656 Modules scanning
21:24:00.109 Disk 0 trace - called modules:
21:24:00.156 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:24:00.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a188908]
21:24:00.187 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8a1899e8]
21:24:00.203 5 ACPI.sys[f74f7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a189d98]
21:24:00.250 Scan finished successfully
21:24:08.390 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
21:24:08.437 The log file has been saved successfully to "G:\aswMBR.txt"




Let me know what you think.

I purchased Kaspersky and it will not let me install it because it thinks I am infected.

Also I cannot seem to get Kaspersky's own virus removal tool to work; it keeps calling it a corrupted file.

I have been able to install Malwarebytes & Spybot, and every time I do a Malwarebytes scan and fix the files, when I restart they all seem to come back.

I really need some help!

#4 boopme

Posted 10 April 2012 - 12:38 PM

Well, so far it wasn't a TDSS rootkit. Unfortunately you cut off the Mini Log at
========================= Hosts content: =================================

The TDSS log starts there.



Some infections change settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to removable media such as a CD/DVD, external drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

Edited by boopme, 10 April 2012 - 12:40 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
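The change described in the reply above, where launching a .exe file runs something else first, shows up in the registry as an altered `.exe` file association. This added example is not part of the original post and is not the contents of FixNCR.reg; it checks `reg export`-style text for that alteration, and the function names, the `xyz` ProgID and the sample path are constructed for illustration.

```python
import re

# Stock Windows values: .exe maps to ProgID "exefile", whose open command is "%1" %*
DEFAULT_PROGID, DEFAULT_COMMAND = "exefile", '"%1" %*'
# Per-user classes override machine-wide ones in the merged HKCR view; checked in that order
HIVES = ("HKEY_CURRENT_USER\\Software\\Classes", "HKEY_LOCAL_MACHINE\\Software\\Classes")

def parse_reg_defaults(text):
    """Map lower-cased key path -> default (@) string value from .reg export text."""
    defaults, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def lookup(defaults, subkey):
    for hive in HIVES:
        value = defaults.get(f"{hive}\\{subkey}".lower())
        if value is not None:
            return hive, value
    return None, None

def check_exe_association(text):
    """Return findings; an empty list means .exe files are launched directly."""
    defaults, findings = parse_reg_defaults(text), []
    hive, progid = lookup(defaults, ".exe")
    if progid is None:
        return ["no .exe association found in export"]
    if progid.lower() != DEFAULT_PROGID:
        findings.append(f"{hive}\\.exe -> ProgID {progid!r}, expected {DEFAULT_PROGID!r}")
    hive, command = lookup(defaults, progid + "\\shell\\open\\command")
    if command is None:
        findings.append(f"ProgID {progid!r} has no shell\\open\\command")
    elif command != DEFAULT_COMMAND:
        findings.append(f"{hive}\\{progid} open command is {command!r}")
    return findings

# Constructed sample export: a per-user override routes .exe through another program
HIJACKED = r'''
[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"
[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\constructed\\placeholder.exe\" \"%1\" %*"
'''
```

Calling `check_exe_association(HIJACKED)` returns two findings, one for the redirected ProgID and one for its open command; a machine with stock associations returns an empty list.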



