A New Infection?


9 replies to this topic

#1 redglare

  • Members
  • 31 posts

Posted 07 May 2012 - 09:16 PM

I recognize the first sign of what is a virus or malware on my computer and wish to get assistance to fix it. The first symptom I notice is that my task bar and Windows Explorer window frames are tan instead of the normal blue. I've seen this before, and what usually follows is that opening web pages becomes slower and slower and then unusable. Please help me repair what's wrong.

I've run AVG and SUPERAntiSpyware. Both applications find lots of issues, but the change in color of the task bar and IE windows is an indication that something is still there. How can I properly repair the issue?

Thanks, RedGlare


#2 boopme

  • Global Moderator
  • 72,924 posts

Posted 07 May 2012 - 10:02 PM

Hello redglare.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e., Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
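The Result.txt that the MiniToolBox step above produces is plain text with one "===== Name: =====" header per checked box. The script below is an added example for this thread, not MiniToolBox code and not something either poster ran: it parses such a report and flags the three things a helper normally reads first, an IE ProxyServer that points at the loopback interface (a local interception proxy is a common reason web pages slow down and then stop loading), hosts-file lines that map anything other than localhost, and Winsock catalog entries whose DLL carries no Microsoft company name. The embedded SAMPLE_REPORT is constructed to mimic the tool's layout; its hosts entries, the lsp_hook.dll path and the file sizes are invented, and the "(company name)" suffix format is assumed from the report shown later in this thread.

```python
"""Triage a MiniToolBox Result.txt (added example; not MiniToolBox code)."""
import re
import sys
from ipaddress import ip_address

# Constructed sample mimicking the tool's section layout. The hosts entries,
# the lsp_hook.dll path and the sizes are invented for this example.
SAMPLE_REPORT = """\
MiniToolBox by Farbar Version: 18-01-2012
Ran by Dad (administrator) on 07-05-2012 at 22:44:35
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:60020

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.example-av-vendor.test
10.0.0.5 update.example.test   # comment after an entry

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\\DOCUME~1\\Dad\\LOCALS~1\\Temp\\lsp_hook.dll [40960] ()

**** End of log ****
"""

# Section header: a run of '=' on each side of a name, optionally with a colon.
SECTION_RE = re.compile(r"^=+[ \t]*(?P<name>[^=\n]+?):?[ \t]*=+[ \t]*$", re.MULTILINE)
# Winsock line: "Catalog5 04 <path> [<size>] (<company name>)"
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>[^)]*)\)\s*$")


def parse_sections(report):
    """Map each section name to its body; text before the first header is dropped."""
    sections = {}
    heads = list(SECTION_RE.finditer(report))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(report)
        sections[h.group("name").strip()] = report[h.end():end].strip()
    return sections


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def proxy_findings(body):
    """Flag ProxyServer values that route the browser through the local machine.
    Reported even under 'Proxy is not enabled.', since the value persists until reset."""
    out = []
    for line in body.splitlines():
        m = re.match(r"ProxyServer:\s*(.+)", line.strip())
        if not m:
            continue
        # Value is "host:port" or "http=host:port;https=host:port;..."
        for entry in m.group(1).split(";"):
            hostport = entry.split("=", 1)[-1].strip()
            if is_loopback(hostport.rsplit(":", 1)[0]):
                out.append("IE proxy points at loopback: " + entry.strip())
    return out


def hosts_findings(body):
    """Flag every hosts-file mapping except the standard localhost line."""
    out = []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop hosts-file comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if not (name.lower() == "localhost" and is_loopback(ip)):
                out.append("hosts maps %s -> %s" % (name, ip))
    return out


def winsock_findings(body):
    """Flag LSP/namespace entries whose DLL lacks a Microsoft company name.
    Legitimate third-party entries (e.g. Bonjour) are listed too, so the helper can vet each."""
    out = []
    for line in body.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m and m.group("vendor").strip() != "Microsoft Corporation":
            vendor = m.group("vendor").strip() or "no company name"
            out.append("non-Microsoft Winsock entry: %s (%s)" % (m.group("path"), vendor))
    return out


def triage(report):
    """Return all findings for one Result.txt, in section order."""
    s = parse_sections(report)
    return (proxy_findings(s.get("IE Proxy Settings", ""))
            + hosts_findings(s.get("Hosts content", ""))
            + winsock_findings(s.get("Winsock entries", "")))


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for finding in triage(text) or ["no findings"]:
        print(finding)
```

Run it as `python triage_minitoolbox.py Result.txt`; with no argument it triages the embedded sample. The Winsock check deliberately reports every non-Microsoft DLL rather than trying to judge which are malicious: a third-party LSP can be legitimate, but each one is worth a look because a hooked LSP sits in the path of every socket the browser opens.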

#3 redglare

  • Topic Starter
  • Members
  • 31 posts

Posted 07 May 2012 - 11:30 PM

Thank you for your reply with offer to help. Attached are the three reports you requested. When I ran TDSSKiller it did need to reboot.

Thanks, RedGlare

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dad (administrator) on 07-05-2012 at 22:44:35
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:60020

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [THETICK2]. Some commands may not be available.
Unspecified error



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : thetick2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 04-4B-80-80-80-03
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, May 07, 2012 1:23:19 PM
Lease Expires . . . . . . . . . . : Tuesday, May 08, 2012 1:23:19 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.227.46, 74.125.227.40, 74.125.227.35, 74.125.227.38
74.125.227.33, 74.125.227.39, 74.125.227.32, 74.125.227.34, 74.125.227.37
74.125.227.36, 74.125.227.41

Pinging google.com [74.125.227.32] with 32 bytes of data:

Reply from 74.125.227.32: bytes=32 time=19ms TTL=54
Reply from 74.125.227.32: bytes=32 time=14ms TTL=54

Ping statistics for 74.125.227.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 19ms, Average = 16ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=102ms TTL=50
Reply from 72.30.38.140: bytes=32 time=77ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 102ms, Average = 89ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...04 4b 80 80 80 03 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.6 192.168.1.6 20
192.168.1.0 255.255.255.0 192.168.1.6 192.168.1.6 20
192.168.1.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.6 192.168.1.6 20
224.0.0.0 240.0.0.0 192.168.1.6 192.168.1.6 20
255.255.255.255 255.255.255.255 192.168.1.6 192.168.1.6 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/04/2012 11:47:26 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (05/04/2012 11:46:02 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (05/04/2012 11:46:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/04/2012 11:45:55 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 11:30:55 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System ran out of memory during its internal processing, at line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Error: (05/03/2012 09:23:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (05/03/2012 09:23:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/02/2012 09:24:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (05/02/2012 09:24:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/01/2012 09:06:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (05/07/2012 10:51:11 PM) (Source: DCOM) (User: Dad)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (05/07/2012 10:50:41 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated with the following error:
%%8

Error: (05/07/2012 10:50:41 PM) (Source: DCOM) (User: Dad)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (05/07/2012 10:50:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated with the following error:
%%8

Error: (05/07/2012 10:50:11 PM) (Source: DCOM) (User: Dad)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (05/07/2012 10:49:41 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated with the following error:
%%8

Error: (05/07/2012 10:49:40 PM) (Source: DCOM) (User: Dad)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (05/07/2012 10:49:10 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated with the following error:
%%8

Error: (05/07/2012 10:49:10 PM) (Source: DCOM) (User: Dad)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (05/07/2012 10:48:40 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated with the following error:
%%8


Microsoft Office Sessions:
=========================
Error: (05/04/2012 11:47:26 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (05/04/2012 11:46:02 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (05/04/2012 11:46:00 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/04/2012 11:45:55 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/03/2012 11:30:55 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007000E

Error: (05/03/2012 09:23:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (05/03/2012 09:23:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (05/02/2012 09:24:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (05/02/2012 09:24:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (05/01/2012 09:06:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

18 Wheels of Steel Extreme Trucker (Version: 1.00.0000)
18 Wheels of Steel Extreme Trucker (Version: 2.2.0.95)
18 Wheels of Steel: American Long Haul (Version: )
18 WoS Extreme Trucker 2 (Version: 1.00.0000)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager (Version: 1.6.2.97)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
AGEIA PhysX v6.10.25 (Version: 6.10.25)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)
Athlon 64 Processor Driver (Version: 1.2.2.2)
AutoCAD LT 2008 - English (Version: 17.1.51.0)
Autodesk DWF Viewer 7 (Version: 7.2.0)
AVG 2012 (Version: 12.0.2171)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.2171)
Babylon toolbar
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2™
Battlefield 2: Special Forces
Bonjour (Version: 3.0.0.10)
Bus Driver (Version: 2.2.0.95)
CCleaner (Version: 3.18)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Comcast High-Speed Internet Install Wizard
Construction Destruction
CoreAAC
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct Show Ogg Vorbis Filter (remove only)
Eighteen Wheels of Steel Haulin' (Version: 2.2.0.95)
Eighteen Wheels of Steel: Extreme Trucker 2 (Version: 2.2.0.97)
EPSON Print CD (Version: 1.50.000)
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
File Type Assistant
FlatOut (Version: 2.2.0.98)
GameSpy Arcade
Garbage Truck Simulator (remove only)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
German Truck Simulator 1.32 (Version: 1.32)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.111)
HAL 9000 [Console] Basic Screen Saver
HAL 9000 [Full Screen] Basic Screen Saver
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
IrfanView (remove only) (Version: 4.28)
Ironclads High Seas (Version: 2.2.0.97)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
John Deere Drive Green (Version: 1.00.0000)
Logitech QuickCam (Version: 11.10.2030)
Logitech® Camera Driver
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
MVision (Version: 11.10.2030)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527)
PunkBuster for Battlefield 1942
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roblox for Dad
SoundMAX (Version: 5.10.01.4530)
SUPERAntiSpyware (Version: 4.48.1000)
swMSM (Version: 12.0.0.1)
Team Factor (remove only)
Timez Attack Launcher (Version: L)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Installer for WildTangent Games App
VC 9.0 Runtime (Version: 1.0.0)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 2.0.0 (Version: 2.0.0)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.5318)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Version: 4.0.5.14)
WildTangent ORB Game Console
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Wings Over Europe (Version: v04.23.06)
WinRAR 4.10 (32-bit) (Version: 4.10.0)
Xfire (remove only)
Yahoo! Software Update
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 84%
Total physical RAM: 2046.42 MB
Available physical RAM: 322.62 MB
Total Pagefile: 3939.3 MB
Available Pagefile: 1478.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.75 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:127.99 GB) (Free:67.27 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Dad Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****


22:53:37.0671 11196 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:53:39.0671 11196 ============================================================
22:53:39.0671 11196 Current date / time: 2012/05/07 22:53:39.0671
22:53:39.0671 11196 SystemInfo:
22:53:39.0671 11196
22:53:39.0671 11196 OS Version: 5.1.2600 ServicePack: 3.0
22:53:39.0671 11196 Product type: Workstation
22:53:39.0671 11196 ComputerName: THETICK2
22:53:39.0671 11196 UserName: Dad
22:53:39.0671 11196 Windows directory: C:\WINDOWS
22:53:39.0671 11196 System windows directory: C:\WINDOWS
22:53:39.0671 11196 Processor architecture: Intel x86
22:53:39.0671 11196 Number of processors: 2
22:53:39.0671 11196 Page size: 0x1000
22:53:39.0671 11196 Boot type: Normal boot
22:53:39.0671 11196 ============================================================
22:53:43.0859 11196 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:53:43.0875 11196 ============================================================
22:53:43.0875 11196 \Device\Harddisk0\DR0:
22:53:43.0875 11196 MBR partitions:
22:53:43.0875 11196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
22:53:43.0875 11196 ============================================================
22:53:43.0906 11196 C: <-> \Device\Harddisk0\DR0\Partition0
22:53:43.0906 11196 ============================================================
22:53:43.0906 11196 Initialize success
22:53:43.0906 11196 ============================================================
22:54:11.0640 12136 ============================================================
22:54:11.0640 12136 Scan started
22:54:11.0640 12136 Mode: Manual; TDLFS;
22:54:11.0640 12136 ============================================================
22:54:11.0765 12136 Abiosdsk - ok
22:54:11.0765 12136 abp480n5 - ok
22:54:11.0812 12136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:54:11.0812 12136 ACPI - ok
22:54:11.0859 12136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:54:11.0859 12136 ACPIEC - ok
22:54:11.0890 12136 ADIHdAudAddService (8ce0a2c740e6e2683b4def4e485ea331) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:54:11.0890 12136 ADIHdAudAddService - ok
22:54:11.0890 12136 adpu160m - ok
22:54:11.0906 12136 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
22:54:11.0906 12136 AEAudio - ok
22:54:11.0921 12136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:54:11.0921 12136 aec - ok
22:54:11.0937 12136 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
22:54:11.0937 12136 Afc - ok
22:54:12.0000 12136 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:54:12.0000 12136 AFD - ok
22:54:12.0000 12136 Aha154x - ok
22:54:12.0000 12136 aic78u2 - ok
22:54:12.0015 12136 aic78xx - ok
22:54:12.0046 12136 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:54:12.0062 12136 Alerter - ok
22:54:12.0062 12136 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:54:12.0062 12136 ALG - ok
22:54:12.0078 12136 AliIde - ok
22:54:12.0078 12136 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:54:12.0093 12136 AmdK8 - ok
22:54:12.0093 12136 amsint - ok
22:54:12.0234 12136 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:54:12.0234 12136 Apple Mobile Device - ok
22:54:12.0265 12136 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:54:12.0265 12136 AppMgmt - ok
22:54:12.0265 12136 asc - ok
22:54:12.0281 12136 asc3350p - ok
22:54:12.0281 12136 asc3550 - ok
22:54:12.0375 12136 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:54:12.0437 12136 aspnet_state - ok
22:54:12.0484 12136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:54:12.0484 12136 AsyncMac - ok
22:54:12.0484 12136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:54:12.0484 12136 atapi - ok
22:54:12.0484 12136 Atdisk - ok
22:54:12.0515 12136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:54:12.0515 12136 Atmarpc - ok
22:54:12.0546 12136 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:54:12.0546 12136 AudioSrv - ok
22:54:12.0562 12136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:54:12.0562 12136 audstub - ok
22:54:12.0593 12136 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
22:54:12.0593 12136 Autodesk Licensing Service - ok
22:54:12.0984 12136 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
22:54:13.0078 12136 AVGIDSAgent - ok
22:54:13.0171 12136 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
22:54:13.0171 12136 AVGIDSDriver - ok
22:54:13.0187 12136 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
22:54:13.0187 12136 AVGIDSFilter - ok
22:54:13.0203 12136 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
22:54:13.0203 12136 AVGIDSHX - ok
22:54:13.0218 12136 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
22:54:13.0218 12136 AVGIDSShim - ok
22:54:13.0265 12136 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:54:13.0265 12136 Avgldx86 - ok
22:54:13.0281 12136 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:54:13.0281 12136 Avgmfx86 - ok
22:54:13.0312 12136 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:54:13.0312 12136 Avgrkx86 - ok
22:54:13.0328 12136 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:54:13.0328 12136 Avgtdix - ok
22:54:13.0359 12136 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:54:13.0359 12136 avgwd - ok
22:54:13.0390 12136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:54:13.0390 12136 Beep - ok
22:54:13.0421 12136 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:54:13.0500 12136 BITS - ok
22:54:13.0546 12136 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:54:13.0562 12136 Bonjour Service - ok
22:54:13.0593 12136 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:54:13.0593 12136 Browser - ok
22:54:13.0703 12136 catchme - ok
22:54:13.0750 12136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:54:13.0750 12136 cbidf2k - ok
22:54:13.0781 12136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:54:13.0796 12136 CCDECODE - ok
22:54:13.0796 12136 cd20xrnt - ok
22:54:13.0812 12136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:54:13.0812 12136 Cdaudio - ok
22:54:13.0843 12136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:54:13.0843 12136 Cdfs - ok
22:54:13.0937 12136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:54:13.0937 12136 Cdrom - ok
22:54:13.0937 12136 Changer - ok
22:54:14.0031 12136 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:54:14.0031 12136 cisvc - ok
22:54:14.0046 12136 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:54:14.0046 12136 ClipSrv - ok
22:54:14.0109 12136 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:14.0125 12136 clr_optimization_v2.0.50727_32 - ok
22:54:14.0125 12136 CmdIde - ok
22:54:14.0140 12136 COMSysApp - ok
22:54:14.0156 12136 Cpqarray - ok
22:54:14.0203 12136 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:54:14.0203 12136 CryptSvc - ok
22:54:14.0203 12136 dac2w2k - ok
22:54:14.0203 12136 dac960nt - ok
22:54:14.0265 12136 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:54:14.0265 12136 DcomLaunch - ok
22:54:14.0281 12136 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:54:14.0281 12136 Dhcp - ok
22:54:14.0281 12136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:54:14.0281 12136 Disk - ok
22:54:14.0281 12136 dmadmin - ok
22:54:14.0359 12136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:54:14.0359 12136 dmboot - ok
22:54:14.0375 12136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:54:14.0375 12136 dmio - ok
22:54:14.0375 12136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:54:14.0375 12136 dmload - ok
22:54:14.0390 12136 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:54:14.0390 12136 dmserver - ok
22:54:14.0437 12136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:54:14.0437 12136 DMusic - ok
22:54:14.0453 12136 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:54:14.0453 12136 Dnscache - ok
22:54:14.0484 12136 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:54:14.0484 12136 Dot3svc - ok
22:54:14.0500 12136 dpti2o - ok
22:54:14.0500 12136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:54:14.0500 12136 drmkaud - ok
22:54:14.0500 12136 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:54:14.0500 12136 EapHost - ok
22:54:14.0515 12136 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:54:14.0515 12136 ERSvc - ok
22:54:14.0640 12136 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:54:14.0640 12136 Eventlog - ok
22:54:14.0718 12136 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:54:14.0718 12136 EventSystem - ok
22:54:14.0734 12136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:54:14.0734 12136 Fastfat - ok
22:54:14.0796 12136 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:14.0796 12136 FastUserSwitchingCompatibility - ok
22:54:14.0812 12136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:54:14.0812 12136 Fdc - ok
22:54:14.0828 12136 FilterService (ed6c44547540e7892a1c34fd4bd35a53) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
22:54:14.0828 12136 FilterService - ok
22:54:14.0843 12136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:54:14.0843 12136 Fips - ok
22:54:14.0843 12136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:54:14.0843 12136 Flpydisk - ok
22:54:14.0859 12136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:54:14.0859 12136 FltMgr - ok
22:54:14.0906 12136 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:54:14.0906 12136 FontCache3.0.0.0 - ok
22:54:14.0937 12136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:54:14.0937 12136 Fs_Rec - ok
22:54:14.0953 12136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:54:14.0953 12136 Ftdisk - ok
22:54:15.0015 12136 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
22:54:15.0015 12136 GameConsoleService - ok
22:54:15.0031 12136 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
22:54:15.0046 12136 GamesAppService - ok
22:54:15.0062 12136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:54:15.0062 12136 GEARAspiWDM - ok
22:54:15.0078 12136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:54:15.0078 12136 Gpc - ok
22:54:15.0093 12136 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
22:54:15.0093 12136 grmnusb - ok
22:54:15.0156 12136 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:15.0171 12136 gupdate - ok
22:54:15.0171 12136 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:15.0171 12136 gupdatem - ok
22:54:15.0171 12136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:54:15.0187 12136 HDAudBus - ok
22:54:15.0203 12136 helpsvc - ok
22:54:15.0234 12136 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:54:15.0234 12136 HidServ - ok
22:54:15.0250 12136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:54:15.0250 12136 HidUsb - ok
22:54:15.0265 12136 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:54:15.0265 12136 hkmsvc - ok
22:54:15.0265 12136 hpn - ok
22:54:15.0281 12136 hpt3xx - ok
22:54:15.0312 12136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:54:15.0328 12136 HTTP - ok
22:54:15.0343 12136 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:54:15.0343 12136 HTTPFilter - ok
22:54:15.0343 12136 i2omgmt - ok
22:54:15.0343 12136 i2omp - ok
22:54:15.0375 12136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:54:15.0375 12136 i8042prt - ok
22:54:15.0421 12136 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:54:15.0421 12136 IDriverT - ok
22:54:15.0484 12136 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:54:15.0500 12136 idsvc - ok
22:54:15.0500 12136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
22:54:15.0500 12136 Imapi - ok
22:54:15.0546 12136 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:54:15.0546 12136 ImapiService - ok
22:54:15.0546 12136 ini910u - ok
22:54:15.0562 12136 IntelIde - ok
22:54:15.0609 12136 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:54:15.0609 12136 ip6fw - ok
22:54:15.0640 12136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:54:15.0640 12136 IpFilterDriver - ok
22:54:15.0656 12136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:54:15.0656 12136 IpInIp - ok
22:54:15.0671 12136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:54:15.0671 12136 IpNat - ok
22:54:15.0718 12136 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
22:54:15.0718 12136 iPod Service - ok
22:54:15.0734 12136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:54:15.0734 12136 IPSec - ok
22:54:15.0765 12136 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
22:54:15.0781 12136 irda - ok
22:54:15.0796 12136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:54:15.0796 12136 IRENUM - ok
22:54:15.0812 12136 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
22:54:15.0812 12136 Irmon - ok
22:54:15.0828 12136 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
22:54:15.0828 12136 irsir - ok
22:54:15.0875 12136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:54:15.0906 12136 isapnp - ok
22:54:15.0937 12136 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:54:15.0937 12136 ISWKL - ok
22:54:15.0984 12136 IswSvc (5b2ccef06f96dfb22893ab8f0b3f891d) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:54:15.0984 12136 IswSvc - ok
22:54:16.0062 12136 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
22:54:16.0078 12136 JavaQuickStarterService - ok
22:54:16.0078 12136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:54:16.0078 12136 Kbdclass - ok
22:54:16.0093 12136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:54:16.0093 12136 kmixer - ok
22:54:16.0109 12136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:54:16.0140 12136 KSecDD - ok
22:54:16.0171 12136 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:54:16.0171 12136 lanmanserver - ok
22:54:16.0187 12136 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:54:16.0187 12136 lanmanworkstation - ok
22:54:16.0203 12136 lbrtfdc - ok
22:54:16.0281 12136 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:54:16.0281 12136 LmHosts - ok
22:54:16.0281 12136 lmimirr - ok
22:54:16.0343 12136 Lvckap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
22:54:16.0375 12136 Lvckap - ok
22:54:16.0437 12136 LVCOMSer (14e4cc4d46169759d874f57604ea6be5) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
22:54:16.0437 12136 LVCOMSer - ok
22:54:16.0562 12136 lvmvdrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
22:54:16.0609 12136 lvmvdrv - ok
22:54:16.0718 12136 lvpopflt (92990b040b68632cc3f80a742d163937) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
22:54:16.0750 12136 lvpopflt - ok
22:54:16.0796 12136 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
22:54:16.0796 12136 LVPr2Mon - ok
22:54:16.0796 12136 LVPrcSrv (b2d04e813ba12ab179daf0b9fdecba3d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
22:54:16.0796 12136 LVPrcSrv - ok
22:54:16.0812 12136 LVSrvLauncher (a7a2ef5000007ca361da1e2b99df8c57) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
22:54:16.0828 12136 LVSrvLauncher - ok
22:54:16.0890 12136 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
22:54:16.0890 12136 LVUSBSta - ok
22:54:17.0000 12136 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:54:17.0062 12136 LVUVC - ok
22:54:17.0109 12136 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:54:17.0109 12136 Messenger - ok
22:54:17.0156 12136 Microsoft SharePoint Workspace Audit Service - ok
22:54:17.0171 12136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:54:17.0171 12136 mnmdd - ok
22:54:17.0187 12136 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:54:17.0203 12136 mnmsrvc - ok
22:54:17.0250 12136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:54:17.0250 12136 Modem - ok
22:54:17.0250 12136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:54:17.0250 12136 Mouclass - ok
22:54:17.0250 12136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:54:17.0250 12136 MountMgr - ok
22:54:17.0281 12136 mraid35x - ok
22:54:17.0328 12136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:54:17.0375 12136 MRxDAV - ok
22:54:17.0406 12136 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:54:17.0421 12136 MRxSmb - ok
22:54:17.0421 12136 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:54:17.0421 12136 MSDTC - ok
22:54:17.0437 12136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:54:17.0437 12136 Msfs - ok
22:54:17.0437 12136 MSIServer - ok
22:54:17.0484 12136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:54:17.0484 12136 MSKSSRV - ok
22:54:17.0500 12136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:54:17.0500 12136 MSPCLOCK - ok
22:54:17.0500 12136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:54:17.0500 12136 MSPQM - ok
22:54:17.0578 12136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:54:17.0578 12136 mssmbios - ok
22:54:17.0609 12136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:54:17.0609 12136 MSTEE - ok
22:54:17.0640 12136 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:54:17.0640 12136 MTsensor - ok
22:54:17.0671 12136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:54:17.0671 12136 Mup - ok
22:54:17.0703 12136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:54:17.0703 12136 NABTSFEC - ok
22:54:17.0734 12136 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:54:17.0750 12136 napagent - ok
22:54:17.0750 12136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:54:17.0750 12136 NDIS - ok
22:54:17.0781 12136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:54:17.0781 12136 NdisIP - ok
22:54:17.0796 12136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:54:17.0796 12136 NdisTapi - ok
22:54:17.0812 12136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:54:17.0812 12136 Ndisuio - ok
22:54:17.0828 12136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:54:17.0828 12136 NdisWan - ok
22:54:17.0875 12136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:54:17.0875 12136 NDProxy - ok
22:54:17.0890 12136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:54:17.0890 12136 NetBIOS - ok
22:54:17.0906 12136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:54:17.0921 12136 NetBT - ok
22:54:17.0921 12136 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:54:17.0921 12136 NetDDE - ok
22:54:17.0937 12136 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:54:17.0937 12136 NetDDEdsdm - ok
22:54:17.0984 12136 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:17.0984 12136 Netlogon - ok
22:54:18.0015 12136 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:54:18.0015 12136 Netman - ok
22:54:18.0062 12136 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:54:18.0062 12136 NetTcpPortSharing - ok
22:54:18.0093 12136 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:54:18.0109 12136 Nla - ok
22:54:18.0125 12136 nosGetPlusHelper (431ada51e9d032f533548688ce5a2a24) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
22:54:18.0125 12136 nosGetPlusHelper - ok
22:54:18.0156 12136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:54:18.0156 12136 Npfs - ok
22:54:18.0171 12136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:54:18.0171 12136 Ntfs - ok
22:54:18.0187 12136 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:54:18.0187 12136 NtLmSsp - ok
22:54:18.0203 12136 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:54:18.0203 12136 NtmsSvc - ok
22:54:18.0218 12136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:54:18.0234 12136 Null - ok
22:54:18.0484 12136 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:54:18.0703 12136 nv - ok
22:54:18.0750 12136 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
22:54:18.0750 12136 nvata - ok
22:54:18.0765 12136 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:54:18.0765 12136 NVENETFD - ok
22:54:18.0812 12136 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:54:18.0828 12136 nvnetbus - ok
22:54:18.0828 12136 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
22:54:18.0843 12136 nvsvc - ok
22:54:18.0843 12136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:54:18.0843 12136 NwlnkFlt - ok
22:54:18.0859 12136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:54:18.0859 12136 NwlnkFwd - ok
22:54:18.0875 12136 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:18.0875 12136 ose - ok
22:54:19.0000 12136 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:54:19.0078 12136 osppsvc - ok
22:54:19.0109 12136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:54:19.0109 12136 Parport - ok
22:54:19.0125 12136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:54:19.0125 12136 PartMgr - ok
22:54:19.0125 12136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:54:19.0140 12136 ParVdm - ok
22:54:19.0156 12136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:54:19.0156 12136 PCI - ok
22:54:19.0171 12136 PCIDump - ok
22:54:19.0187 12136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:54:19.0187 12136 PCIIde - ok
22:54:19.0187 12136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:54:19.0187 12136 Pcmcia - ok
22:54:19.0187 12136 PDCOMP - ok
22:54:19.0203 12136 PDFRAME - ok
22:54:19.0203 12136 PDRELI - ok
22:54:19.0203 12136 PDRFRAME - ok
22:54:19.0218 12136 perc2 - ok
22:54:19.0218 12136 perc2hib - ok
22:54:19.0265 12136 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:54:19.0265 12136 PlugPlay - ok
22:54:19.0265 12136 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:19.0265 12136 PolicyAgent - ok
22:54:19.0281 12136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:54:19.0296 12136 PptpMiniport - ok
22:54:19.0296 12136 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:54:19.0296 12136 Processor - ok
22:54:19.0296 12136 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:19.0296 12136 ProtectedStorage - ok
22:54:19.0343 12136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:54:19.0359 12136 PSched - ok
22:54:19.0375 12136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:54:19.0390 12136 Ptilink - ok
22:54:19.0421 12136 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
22:54:19.0421 12136 QCDonner - ok
22:54:19.0421 12136 ql1080 - ok
22:54:19.0437 12136 Ql10wnt - ok
22:54:19.0437 12136 ql12160 - ok
22:54:19.0437 12136 ql1240 - ok
22:54:19.0453 12136 ql1280 - ok
22:54:19.0468 12136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:54:19.0468 12136 RasAcd - ok
22:54:19.0468 12136 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:54:19.0468 12136 RasAuto - ok
22:54:19.0500 12136 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:54:19.0500 12136 Rasirda - ok
22:54:19.0515 12136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:54:19.0515 12136 Rasl2tp - ok
22:54:19.0562 12136 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:54:19.0562 12136 RasMan - ok
22:54:19.0562 12136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:54:19.0562 12136 RasPppoe - ok
22:54:19.0578 12136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:54:19.0593 12136 Raspti - ok
22:54:19.0593 12136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:54:19.0609 12136 Rdbss - ok
22:54:19.0625 12136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:54:19.0625 12136 RDPCDD - ok
22:54:19.0640 12136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:54:19.0687 12136 rdpdr - ok
22:54:19.0718 12136 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:54:19.0734 12136 RDPWD - ok
22:54:19.0765 12136 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:54:19.0765 12136 RDSessMgr - ok
22:54:19.0796 12136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:54:19.0796 12136 redbook - ok
22:54:19.0828 12136 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:54:19.0828 12136 RemoteAccess - ok
22:54:19.0859 12136 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:54:19.0859 12136 RemoteRegistry - ok
22:54:19.0859 12136 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:54:19.0890 12136 RpcLocator - ok
22:54:19.0890 12136 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:54:19.0890 12136 RpcSs - ok
22:54:19.0890 12136 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:54:19.0906 12136 RSVP - ok
22:54:19.0921 12136 SABProcEnum - ok
22:54:19.0937 12136 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:19.0937 12136 SamSs - ok
22:54:19.0968 12136 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:54:19.0968 12136 SASDIFSV - ok
22:54:19.0984 12136 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:54:19.0984 12136 SASKUTIL - ok
22:54:19.0984 12136 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:54:19.0984 12136 SCardSvr - ok
22:54:20.0015 12136 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:54:20.0031 12136 Schedule - ok
22:54:20.0078 12136 Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:54:20.0078 12136 Secdrv - ok
22:54:20.0078 12136 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:54:20.0078 12136 seclogon - ok
22:54:20.0109 12136 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
22:54:20.0125 12136 SenFiltService - ok
22:54:20.0125 12136 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:54:20.0125 12136 SENS - ok
22:54:20.0156 12136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:54:20.0156 12136 serenum - ok
22:54:20.0218 12136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:54:20.0218 12136 Serial - ok
22:54:20.0234 12136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:54:20.0234 12136 Sfloppy - ok
22:54:20.0265 12136 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:54:20.0281 12136 SharedAccess - ok
22:54:20.0296 12136 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:20.0296 12136 ShellHWDetection - ok
22:54:20.0296 12136 Simbad - ok
22:54:20.0312 12136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:54:20.0312 12136 SLIP - ok
22:54:20.0328 12136 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:54:20.0343 12136 SONYPVU1 - ok
22:54:20.0343 12136 Sparrow - ok
22:54:20.0390 12136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:54:20.0390 12136 splitter - ok
22:54:20.0421 12136 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:54:20.0421 12136 Spooler - ok
22:54:20.0421 12136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:54:20.0421 12136 sr - ok
22:54:20.0437 12136 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:54:20.0437 12136 srservice - ok
22:54:20.0484 12136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:54:20.0515 12136 Srv - ok
22:54:20.0531 12136 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:54:20.0531 12136 SSDPSRV - ok
22:54:20.0578 12136 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:54:20.0578 12136 stisvc - ok
22:54:20.0593 12136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:54:20.0593 12136 streamip - ok
22:54:20.0640 12136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:54:20.0640 12136 swenum - ok
22:54:20.0640 12136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:54:20.0656 12136 swmidi - ok
22:54:20.0656 12136 SwPrv - ok
22:54:20.0671 12136 symc810 - ok
22:54:20.0671 12136 symc8xx - ok
22:54:20.0687 12136 sym_hi - ok
22:54:20.0687 12136 sym_u3 - ok
22:54:20.0734 12136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:54:20.0734 12136 sysaudio - ok
22:54:20.0734 12136 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:54:20.0750 12136 SysmonLog - ok
22:54:20.0796 12136 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:54:20.0796 12136 TapiSrv - ok
22:54:20.0812 12136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:54:20.0828 12136 Tcpip - ok
22:54:20.0859 12136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:54:20.0859 12136 TDPIPE - ok
22:54:20.0875 12136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:54:20.0875 12136 TDTCP - ok
22:54:20.0890 12136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:54:20.0890 12136 TermDD - ok
22:54:20.0906 12136 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:54:20.0921 12136 TermService - ok
22:54:20.0921 12136 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:20.0937 12136 Themes - ok
22:54:20.0968 12136 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
22:54:20.0968 12136 TlntSvr - ok
22:54:20.0984 12136 TosIde - ok
22:54:20.0984 12136 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:54:20.0984 12136 TrkWks - ok
22:54:21.0015 12136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:54:21.0015 12136 Udfs - ok
22:54:21.0015 12136 ultra - ok
22:54:21.0062 12136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:54:21.0078 12136 Update - ok
22:54:21.0078 12136 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:54:21.0093 12136 upnphost - ok
22:54:21.0093 12136 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:54:21.0093 12136 UPS - ok
22:54:21.0140 12136 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:54:21.0140 12136 USBAAPL - ok
22:54:21.0171 12136 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:54:21.0171 12136 usbaudio - ok
22:54:21.0203 12136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:54:21.0203 12136 usbccgp - ok
22:54:21.0218 12136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:54:21.0218 12136 usbehci - ok
22:54:21.0234 12136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:54:21.0234 12136 usbhub - ok
22:54:21.0265 12136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:54:21.0265 12136 usbohci - ok
22:54:21.0281 12136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:54:21.0281 12136 usbprint - ok
22:54:21.0281 12136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:54:21.0281 12136 usbscan - ok
22:54:21.0312 12136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:54:21.0312 12136 USBSTOR - ok
22:54:21.0328 12136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:54:21.0343 12136 VgaSave - ok
22:54:21.0343 12136 ViaIde - ok
22:54:21.0359 12136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:54:21.0359 12136 VolSnap - ok
22:54:21.0390 12136 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
22:54:21.0390 12136 Vsdatant - ok
22:54:21.0562 12136 vsmon - ok
22:54:21.0578 12136 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:54:21.0593 12136 VSS - ok
22:54:21.0640 12136 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
22:54:21.0640 12136 vToolbarUpdater11.0.2 - ok
22:54:21.0703 12136 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:54:21.0703 12136 W32Time - ok
22:54:21.0734 12136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:54:21.0734 12136 Wanarp - ok
22:54:21.0734 12136 WDICA - ok
22:54:21.0796 12136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:54:21.0796 12136 wdmaud - ok
22:54:21.0812 12136 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:54:21.0812 12136 WebClient - ok
22:54:21.0859 12136 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:54:21.0875 12136 winmgmt - ok
22:54:21.0921 12136 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:54:21.0921 12136 WmdmPmSN - ok
22:54:21.0953 12136 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:54:21.0968 12136 Wmi - ok
22:54:21.0968 12136 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:54:21.0968 12136 WmiApSrv - ok
22:54:22.0062 12136 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:54:22.0078 12136 WMPNetworkSvc - ok
22:54:22.0125 12136 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:54:22.0140 12136 WpdUsb - ok
22:54:22.0156 12136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:54:22.0156 12136 WS2IFSL - ok
22:54:22.0187 12136 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:54:22.0187 12136 wscsvc - ok
22:54:22.0218 12136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:54:22.0218 12136 WSTCODEC - ok
22:54:22.0218 12136 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:54:22.0218 12136 wuauserv - ok
22:54:22.0234 12136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:54:22.0234 12136 WudfPf - ok
22:54:22.0296 12136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:54:22.0296 12136 WudfRd - ok
22:54:22.0312 12136 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:54:22.0312 12136 WudfSvc - ok
22:54:22.0343 12136 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:54:22.0359 12136 WZCSVC - ok
22:54:22.0390 12136 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:54:22.0390 12136 xmlprov - ok
22:54:22.0437 12136 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:54:22.0453 12136 YahooAUService - ok
22:54:22.0468 12136 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
22:54:22.0484 12136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:54:22.0484 12136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:54:22.0546 12136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:54:22.0546 12136 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:54:22.0546 12136 Boot (0x1200) (82780a316d2e336585a6a2754852774a) \Device\Harddisk0\DR0\Partition0
22:54:22.0546 12136 \Device\Harddisk0\DR0\Partition0 - ok
22:54:22.0546 12136 ============================================================
22:54:22.0546 12136 Scan finished
22:54:22.0546 12136 ============================================================
22:54:22.0562 10152 Detected object count: 2
22:54:22.0562 10152 Actual detected object count: 2
22:55:15.0375 10152 \Device\Harddisk0\DR0\# - copied to quarantine
22:55:15.0375 10152 \Device\Harddisk0\DR0 - copied to quarantine
22:55:15.0390 10152 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:55:15.0390 10152 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:55:15.0406 10152 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:55:15.0406 10152 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:55:15.0421 10152 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:55:15.0421 10152 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:55:15.0421 10152 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:55:15.0421 10152 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:55:15.0421 10152 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:55:15.0437 10152 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:55:15.0437 10152 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:55:15.0437 10152 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:55:15.0468 10152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:55:15.0468 10152 \Device\Harddisk0\DR0 - ok
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:55:29.0781 9460 Deinitialize success




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dad :: THETICK2 [administrator]

5/7/2012 11:05:49 PM
mbam-log-2012-05-07 (23-05-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257912
Time elapsed: 20 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: b779d4aae9c70c0e58f2eb2452ae308b -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:60020 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Dad\list.txt (Malware.Trace) -> Quarantined and deleted successfully.

(end)

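The two logs above (TDSSKiller first, then Malwarebytes) are what the helper reads to decide the next step: what was found, whether the MBR cure still needs a reboot, what the user chose to skip, and whether the Malwarebytes PUM.Bad.Proxy entry was a browser proxy pointed at the local machine. As an added example that is not part of this thread and is not code from TDSSKiller or Malwarebytes, the Python below parses logs in that shape and answers those questions. The line formats are inferred from the quoted logs only (other variants of these tools may differ), and the sample input is constructed from the same lines.

```python
"""Summarise TDSSKiller and Malwarebytes (MBAM) scan logs of the kind posted
in this thread. Added example, not the tools' own code; line formats are
inferred from the quoted logs and may not cover every variant they emit."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the detection and action lines from the TDSSKiller log
# above, plus two ordinary "ok" lines that a parser must ignore.
TDSS_SAMPLE = r"""
22:54:22.0437 12136 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:54:22.0453 12136 YahooAUService - ok
22:54:22.0468 12136 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
22:54:22.0484 12136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:54:22.0484 12136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:54:22.0546 12136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:54:22.0546 12136 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:55:15.0468 10152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:55:21.0031 10152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed sample: three finding lines in the shape of the MBAM log above.
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:60020 -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
"""

# TDSSKiller: "HH:MM:SS.ffff <pid> <message>"; detections and user actions
# carry a message of the form "<object> ( <threat name> ) - <status>".
_TDSS_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
_TDSS_VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<status>.+)$")


@dataclass
class TdssFinding:
    obj: str
    name: str
    verdict: str = ""                       # "infected" or "warning"
    actions: List[str] = field(default_factory=list)

    @property
    def needs_reboot(self) -> bool:
        # TDSSKiller rewrites the MBR only during the next boot.
        return any("cured on reboot" in a for a in self.actions)

    @property
    def unresolved(self) -> bool:
        # A finding whose last recorded action was a skip is still on disk.
        return bool(self.actions) and "skip" in self.actions[-1].lower()


def parse_tdsskiller(text: str) -> Dict[Tuple[str, str], TdssFinding]:
    findings: Dict[Tuple[str, str], TdssFinding] = {}
    for raw in text.splitlines():
        line = _TDSS_LINE.match(raw.strip())
        if not line:
            continue
        verdict = _TDSS_VERDICT.match(line["msg"])
        if not verdict:                     # driver/service "ok" lines etc.
            continue
        key = (verdict["obj"], verdict["name"])
        f = findings.setdefault(key, TdssFinding(*key))
        if verdict["status"] in ("infected", "warning"):
            f.verdict = verdict["status"]
        else:
            f.actions.append(verdict["status"])
    return findings


# MBAM: "<path> (<threat>) -> [Data: <value> -> ]<action>."
_MBAM_ITEM = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$")


@dataclass
class MbamFinding:
    path: str
    name: str
    data: Optional[str]
    action: str

    @property
    def local_proxy_hijack(self) -> bool:
        # A ProxyServer value on the loopback address means every browser
        # request was being routed through a process on this PC.
        return (self.path.endswith("|ProxyServer") and self.data is not None
                and re.search(r"127\.0\.0\.1|localhost", self.data) is not None)


def parse_mbam(text: str) -> List[MbamFinding]:
    out = []
    for raw in text.splitlines():
        m = _MBAM_ITEM.match(raw.strip())
        if m:
            out.append(MbamFinding(m["path"], m["name"], m["data"], m["action"]))
    return out


def summarize(tdss_text: str, mbam_text: str) -> dict:
    tdss = parse_tdsskiller(tdss_text)
    mbam = parse_mbam(mbam_text)
    return {
        "tdss_infected": sorted(n for (_, n), f in tdss.items() if f.verdict == "infected"),
        "tdss_reboot_required": any(f.needs_reboot for f in tdss.values()),
        "tdss_unresolved": sorted(n for (_, n), f in tdss.items() if f.unresolved),
        "mbam_count": len(mbam),
        "mbam_proxy_hijack": [f.data for f in mbam if f.local_proxy_hijack],
    }


if __name__ == "__main__":
    for k, v in summarize(TDSS_SAMPLE, MBAM_SAMPLE).items():
        print(f"{k}: {v}")
```

On the thread's own logs this reports one infected object (the MBR, cured on reboot), one skipped warning (the TDSS file system, which ESET later cleaned out of the TDSSKiller quarantine) and a ProxyServer value on 127.0.0.1, which is why the helper asks for a reboot and a follow-up scan rather than calling the machine clean.
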
#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • Gender:Male
  • Location:NJ USA

Posted 08 May 2012 - 03:46 PM

OK, great. You needed to reboot.
How's the frame color?

We need to update a couple things and do another scan..

Let's scan first and get whatever is left so the updates go smoothly.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 redglare

redglare
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 08 May 2012 - 11:46 PM

All of the frame colors look much better. The computer seems to be running fine too. Below is the result of the ESET scan.


C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2c2bcf72 multiple threats deleted - quarantined
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\43\58630b2b-67bbd10a Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\7\143b51c7-76160920 a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\6.0\8\6bb21e88-3d50b64b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\0037\148.tmp.vir Win32/PSW.Agent.NTM trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LP\0037\B80.exe.vir Win32/Cycbot.AK trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Object\bhO_project.dll.vir a variant of Win32/Adware.Facetheme.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B97EC97F-337A-4E76-82F9-C1854D7CEBC7}\RP469\A0138909.dll a variant of Win32/Adware.Gamevance.BR application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B97EC97F-337A-4E76-82F9-C1854D7CEBC7}\RP469\A0138911.dll a variant of Win32/Adware.Gamevance.BR application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B97EC97F-337A-4E76-82F9-C1854D7CEBC7}\RP472\A0139254.dll a variant of Win32/Adware.Facetheme.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B97EC97F-337A-4E76-82F9-C1854D7CEBC7}\RP489\A0159384.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AXZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.05.2012_22.53.39\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 May 2012 - 11:46 AM

Now that was great!!

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


#7 redglare

redglare
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 09 May 2012 - 06:35 PM

Done. Thank you for your help. I appreciate your step by step instructions. I'm running Zone Alarm, AVG and SUPERAntiSpyware - is this not sufficient to stop viruses or at least clear them out?

Thank you!

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 May 2012 - 08:15 PM

Is that AVG free?


BTW you're welcome.

#9 redglare

redglare
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 10 May 2012 - 07:55 AM

Yes, the free version of AVG. Will I be better off buying AVG?

Without Bleeping Computer I'd be dead in the water. Thanks for giving me the opportunity to work on my own computer.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 May 2012 - 10:59 AM

No, no need. I just prefer Avira free over that.

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

Click on your Start Menu, then Run....
Now type combofix /u in the Run box and click OK. Notice the space between the "x" and "/".


When shown the disclaimer, Select "2"
This will remove files/folders associated with ComboFix and uninstall it.



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: