I Don't Know What Infected My Computer


  • This topic is locked
19 replies to this topic

#1 heyronstaaar

Posted 03 June 2012 - 12:42 AM

Hello sir / ma'am,

I have a computer here that opens up about 30 new windows in Firefox / Chrome. Then sometimes it keeps on popping up Microsoft Outlook when in fact I don't use Outlook. Other times it redirects to some site; for example, I am looking at Facebook, then later on it will open up another window with Facebook but a different place, like the help center. And then in a search bar it keeps on typing " QYTREW ". I have no clue what this means. It's pretty creepy if you ask me. \=

I am also using a D-Link router. I have read that viruses can infect the router as well, so I went ahead and reset the router. Now my problem is that I can't log in to the D-Link site to renew my login and password and to update the firmware.

Also, for additional information, my dad and I use this computer. I don't know if he triggered the virus or if I did.

Thank you very much in advance!

Ps: I took a video of the pop ups (it's one of many btw)
http://youtu.be/Ipat-mzXeZg

Edited by heyronstaaar, 03 June 2012 - 03:34 AM.


#2 boopme

Posted 03 June 2012 - 09:19 AM

Hello, QYTREW can be malware or a keyboard glitch. If you can try the board on another PC, you will know if it's the board.

Let's also scan.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. Or, if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please ask any needed questions, post logs and let us know how the PC is running now.
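The MiniToolBox checklist above reports proxy settings, the Hosts file and Winsock entries. As an added example (not part of the original thread and not MiniToolBox's own code), this Python script reads a Result.txt in the layout of the log posted in the next reply and lists the entries in those sections that differ from a clean baseline. The sample text, the baseline rules and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed Result.txt excerpt. The 203.0.113.7 Hosts entry and the
# "Example Vendor" Winsock provider are made up for the demonstration.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\example_lsp.dll [51200] (Example Vendor)

**** End of log ****
"""

# "===== Title: =====" section banners; a bare "=====" ruler does not match.
SECTION = re.compile(r"^=+\s+([^=]+?):?\s+=+$")
# "Catalog9 02 <path> [<size>] (<vendor>)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

# Assumed baseline: lines treated as clean in the proxy sections.
CLEAN_PROXY = {"proxy is not enabled.", "no proxy server is set."}
LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(text):
    """Map lower-cased section title -> non-empty lines of that section."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1).strip().lower()
        elif line.startswith("****"):
            current = None  # "**** End of log ****"
        elif current and line:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    """Flag every proxy line that is neither a clean line nor a reset notice."""
    return [f"proxy: {line}" for line in lines
            if line.lower() not in CLEAN_PROXY and not line.startswith('"Reset')]


def check_hosts(lines):
    """Flag Hosts entries other than loopback -> localhost."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if ip not in LOOPBACK or any(n.lower() != "localhost" for n in names):
            findings.append(f"hosts: {ip} -> {' '.join(names)}")
    return findings


def check_winsock(lines):
    """Flag providers outside system32 or not attributed to Microsoft."""
    findings = []
    for line in lines:
        m = WINSOCK.match(line)
        if not m:
            findings.append(f"winsock: unparsed line {line!r}")
            continue
        catalog, index, path, _size, vendor = m.groups()
        if (not path.lower().startswith(SYSTEM32)
                or vendor != "Microsoft Corporation"):
            findings.append(
                f"winsock: {catalog} {index} {path} ({vendor or 'no vendor'})")
    return findings


def triage(text):
    """Return the review list for one Result.txt."""
    s = split_sections(text)
    return (check_proxy(s.get("ie proxy settings", []))
            + check_proxy(s.get("ff proxy settings", []))
            + check_hosts(s.get("hosts content", []))
            + check_winsock(s.get("winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged entry is a prompt for review, not a verdict: a legitimate third-party Winsock provider or an ad-blocking Hosts file would be listed as well.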

#3 heyronstaaar

Posted 03 June 2012 - 11:53 AM

Hello sir! Thank you for the fast reply. I did what was asked and here they are:

MINITOOLBOX:

MiniToolBox by Farbar Version: 14-01-2012
Ran by xfiles (administrator) on 03-06-2012 at 23:17:00
Microsoft Windows XP Professional Service Pack 3, v.6206 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : xfiles-30b472bb

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-1B-FC-01-DB-A2

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.163

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Sunday, June 03, 2012 11:00:49 PM

Lease Expires . . . . . . . . . . : Monday, June 04, 2012 2:00:49 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.71.138, 74.125.71.139, 74.125.71.100, 74.125.71.101
74.125.71.102, 74.125.71.113



Pinging google.com [74.125.71.138] with 32 bytes of data:



Reply from 74.125.71.138: bytes=32 time=53ms TTL=49

Reply from 74.125.71.138: bytes=32 time=38ms TTL=49



Ping statistics for 74.125.71.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 53ms, Average = 45ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=253ms TTL=49

Reply from 209.191.122.70: bytes=32 time=236ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 236ms, Maximum = 253ms, Average = 244ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b fc 01 db a2 ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.163 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.163 192.168.0.163 10
192.168.0.163 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.163 192.168.0.163 10
224.0.0.0 240.0.0.0 192.168.0.163 192.168.0.163 10
255.255.255.255 255.255.255.255 192.168.0.163 192.168.0.163 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2012 01:10:42 PM) (Source: Microsoft Office 12) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (06/03/2012 01:10:41 PM) (Source: Microsoft Office 12) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (06/02/2012 10:04:44 PM) (Source: Application Error) (User: )
Description: Fault bucket 739705659.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (06/02/2012 10:04:29 PM) (Source: Application Error) (User: )
Description: Faulting application sidebar.exe, version 6.0.6001.18000, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.
Processing media-specific event for [sidebar.exe!ws!]

Error: (02/23/2012 03:27:48 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800736b1.


System errors:
=============
Error: (06/03/2012 10:02:21 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error: (05/31/2012 08:58:50 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/22/2012 05:19:42 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/18/2012 09:49:07 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/23/2012 03:46:27 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/23/2012 03:46:27 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/23/2012 03:46:20 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/23/2012 03:46:15 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/23/2012 03:45:42 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (02/23/2012 03:45:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 1.7.7)
7-Zip 4.57
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Alchemy Deluxe
Alice Greenfingers
Alky for Applications (Windows XP) (Version: 1.1)
Amazing Adventures: The Lost Tomb
Angry Birds Rio (Version: 1.2.2)
AstroPop Deluxe
ATI Display Driver (Version: 8.162-050803a2-025203C-ATI)
Atomica Deluxe
avast! Free Antivirus (Version: 6.0.1125.0)
Bejeweled 2 Deluxe
Bejeweled Deluxe
Big Kahuna Reef
Big Money Deluxe
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Cake Mania
CCleaner (remove only)
Chuzzle Deluxe
Diner Dash 2
Dynomite Deluxe
ebgcInfra (Version: 1.1.0)
ebgcRes (Version: 1.0.0)
ebgcSDK (Version: 1.0.0)
Emusic - 50 FREE MP3s from eMusic!
Family Feud
Farm Frenzy 3 Ice Age h33t
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Gadget Installer (Version: 1.0.2)
GameHouse Super Games AIO® (Version: 2.0)
Google Update Helper (Version: 1.3.21.111)
Hammer Heads Deluxe
HashTab 2.0.8 (Version: 2.0.8)
Heavy Weapon Deluxe
Hunt Virus Utilities
IconPackager
Iggle Pop Deluxe
Insaniquarium Deluxe
IZArc 3.81 (Version: 3.81 Build 1550)
K-Lite Codec Pack 3.9.0 Standard (Version: 3.9.0)
Kels' CPL Bonus Pack! (Version: 8.2.2)
LClock
Magic Match
Mahjong Escape: Ancient Japan
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Encarta Premium 2009 (Version: 2009)
Microsoft Office 2007 Recent Documents Gadget (Version: 12.0.4518.1027)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 SP1 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304 (Version: 9.0.30304)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Web Services Enhancements 1.0 SP1 (Version: 1.0.3057.0)
Microsoft Web Services Enhancements 2.0 SP3 (Version: 2.0.5050.0)
Microsoft Web Services Enhancements 3.0 (Version: 3.0.5305.0)
Mozilla Firefox 7.0 (x86 en-US) (Version: 7.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Mummy Maze Deluxe
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
NingPo MahJong Deluxe
Noah's Ark Deluxe
Peggle Deluxe
Pixelus Deluxe
PizzaFrenzy
Platypus
PowerCmd 1.9 (Version: AppVerName)
QBeez 2
Rocket Mania Deluxe
RocketDock 1.3.5
Seven Seas Deluxe
SilvestriRN5e
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
SoundMAX (Version: 5.12.01.5410)
Styler (Version: 1.4.0.1)
Super Collapse 3
Talismania Deluxe
TipTop Deluxe
Tradewinds Legends
Typer Shark Deluxe
Unlocker 1.8.7 (Version: 1.8.7)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Venice Deluxe
VLC media player 0.9.4 (Version: 0.9.4)
Water Bugs
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
WindowBlinds (Version: 6.10)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Sidebar (Version: 6.0.6001.18000)
WinRAR archiver
Word Harmony Deluxe
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Zuma's Revenge! (Version: 1.0)
Zuma Deluxe

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1023.23 MB
Available physical RAM: 577.61 MB
Total Pagefile: 2461.9 MB
Available Pagefile: 2063.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.3 GB) (Free:23.73 GB) NTFS

========================= Users: ========================================

User accounts for \\XFILES-30B472BB

Administrator Guest HelpAssistant
SUPPORT_388945a0 xfiles


**** End of log ****



RKILL:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/03/2012 at 23:35:56.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 06/03/2012 at 23:36:00.



TDSSKILLER:

23:40:12.0562 1164 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:40:13.0671 1164 ============================================================
23:40:13.0671 1164 Current date / time: 2012/06/03 23:40:13.0671
23:40:13.0671 1164 SystemInfo:
23:40:13.0671 1164
23:40:13.0671 1164 OS Version: 5.1.2600 ServicePack: 3.0
23:40:13.0671 1164 Product type: Workstation
23:40:13.0671 1164 ComputerName: XFILES-30B472BB
23:40:13.0671 1164 UserName: xfiles
23:40:13.0671 1164 Windows directory: C:\WINDOWS
23:40:13.0671 1164 System windows directory: C:\WINDOWS
23:40:13.0671 1164 Processor architecture: Intel x86
23:40:13.0671 1164 Number of processors: 2
23:40:13.0671 1164 Page size: 0x1000
23:40:13.0671 1164 Boot type: Safe boot with network
23:40:13.0671 1164 ============================================================
23:40:16.0531 1164 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:40:16.0531 1164 ============================================================
23:40:16.0531 1164 \Device\Harddisk0\DR0:
23:40:16.0531 1164 MBR partitions:
23:40:16.0531 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
23:40:16.0531 1164 ============================================================
23:40:16.0578 1164 C: <-> \Device\Harddisk0\DR0\Partition0
23:40:16.0593 1164 ============================================================
23:40:16.0593 1164 Initialize success
23:40:16.0593 1164 ============================================================
23:40:38.0171 1120 ============================================================
23:40:38.0171 1120 Scan started
23:40:38.0171 1120 Mode: Manual; TDLFS;
23:40:38.0171 1120 ============================================================
23:40:41.0984 1120 COMSysApp - ok
23:40:42.0046 1120 Cpqarray - ok
23:40:42.0093 1120 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:40:42.0093 1120 CryptSvc - ok
23:40:42.0109 1120 dac2w2k - ok
23:40:42.0140 1120 dac960nt - ok
23:40:42.0203 1120 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:40:42.0218 1120 DcomLaunch - ok
23:40:42.0265 1120 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:40:42.0265 1120 Dhcp - ok
23:40:42.0312 1120 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:40:42.0312 1120 Disk - ok
23:40:42.0328 1120 dmadmin - ok
23:40:42.0406 1120 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:40:42.0437 1120 dmboot - ok
23:40:42.0468 1120 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:40:42.0484 1120 dmio - ok
23:40:42.0500 1120 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:40:42.0500 1120 dmload - ok
23:40:42.0546 1120 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:40:42.0546 1120 dmserver - ok
23:40:42.0578 1120 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:40:42.0593 1120 DMusic - ok
23:40:42.0609 1120 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:40:42.0625 1120 Dnscache - ok
23:40:42.0671 1120 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:40:42.0671 1120 Dot3svc - ok
23:40:42.0687 1120 dpti2o - ok
23:40:42.0734 1120 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:40:42.0734 1120 drmkaud - ok
23:40:42.0765 1120 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:40:42.0781 1120 EapHost - ok
23:40:42.0796 1120 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:40:42.0796 1120 ERSvc - ok
23:40:42.0828 1120 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:40:42.0843 1120 Eventlog - ok
23:40:42.0875 1120 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:40:42.0890 1120 EventSystem - ok
23:40:42.0921 1120 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:40:42.0937 1120 Fastfat - ok
23:40:42.0968 1120 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:40:42.0984 1120 FastUserSwitchingCompatibility - ok
23:40:43.0000 1120 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:40:43.0015 1120 Fdc - ok
23:40:43.0046 1120 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:40:43.0046 1120 Fips - ok
23:40:43.0078 1120 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:40:43.0078 1120 Flpydisk - ok
23:40:43.0125 1120 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:40:43.0125 1120 FltMgr - ok
23:40:43.0234 1120 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:40:43.0250 1120 FontCache3.0.0.0 - ok
23:40:43.0281 1120 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:40:43.0281 1120 Fs_Rec - ok
23:40:43.0312 1120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:40:43.0312 1120 Ftdisk - ok
23:40:43.0359 1120 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:40:43.0375 1120 Gpc - ok
23:40:43.0484 1120 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:40:43.0500 1120 gupdate - ok
23:40:43.0500 1120 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:40:43.0500 1120 gupdatem - ok
23:40:43.0578 1120 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:40:43.0593 1120 helpsvc - ok
23:40:43.0593 1120 HidServ - ok
23:40:43.0640 1120 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:40:43.0640 1120 hidusb - ok
23:40:43.0687 1120 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:40:43.0687 1120 hkmsvc - ok
23:40:43.0703 1120 hpn - ok
23:40:43.0765 1120 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
23:40:43.0781 1120 HTTP - ok
23:40:43.0828 1120 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:40:43.0828 1120 HTTPFilter - ok
23:40:43.0843 1120 i2omgmt - ok
23:40:43.0859 1120 i2omp - ok
23:40:43.0921 1120 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:40:43.0937 1120 i8042prt - ok
23:40:44.0046 1120 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:40:44.0125 1120 idsvc - ok
23:40:44.0171 1120 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:40:44.0187 1120 Imapi - ok
23:40:44.0218 1120 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:40:44.0234 1120 ImapiService - ok
23:40:44.0250 1120 ini910u - ok
23:40:44.0312 1120 IntelIde - ok
23:40:44.0359 1120 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:40:44.0375 1120 intelppm - ok
23:40:44.0390 1120 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:40:44.0406 1120 Ip6Fw - ok
23:40:44.0437 1120 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:40:44.0453 1120 IpFilterDriver - ok
23:40:44.0468 1120 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:40:44.0484 1120 IpInIp - ok
23:40:44.0515 1120 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:40:44.0515 1120 IpNat - ok
23:40:44.0546 1120 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:40:44.0562 1120 IPSec - ok
23:40:44.0593 1120 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:40:44.0593 1120 IRENUM - ok
23:40:44.0640 1120 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:40:44.0656 1120 isapnp - ok
23:40:44.0687 1120 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:40:44.0687 1120 Kbdclass - ok
23:40:44.0734 1120 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:40:44.0734 1120 kmixer - ok
23:40:44.0765 1120 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:40:44.0781 1120 KSecDD - ok
23:40:44.0812 1120 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
23:40:44.0828 1120 LanmanServer - ok
23:40:44.0859 1120 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:40:44.0906 1120 lanmanworkstation - ok
23:40:44.0921 1120 lbrtfdc - ok
23:40:44.0984 1120 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:40:44.0984 1120 LmHosts - ok
23:40:45.0015 1120 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:40:45.0031 1120 Messenger - ok
23:40:45.0140 1120 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:40:45.0140 1120 Microsoft Office Groove Audit Service - ok
23:40:45.0187 1120 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
23:40:45.0203 1120 MidiSyn - ok
23:40:45.0234 1120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:40:45.0234 1120 mnmdd - ok
23:40:45.0265 1120 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:40:45.0281 1120 mnmsrvc - ok
23:40:45.0296 1120 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:40:45.0312 1120 Modem - ok
23:40:45.0343 1120 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:40:45.0343 1120 Mouclass - ok
23:40:45.0390 1120 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:40:45.0390 1120 mouhid - ok
23:40:45.0421 1120 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:40:45.0437 1120 MountMgr - ok
23:40:45.0453 1120 mraid35x - ok
23:40:45.0500 1120 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:40:45.0500 1120 MRxDAV - ok
23:40:45.0562 1120 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:40:45.0578 1120 MRxSmb - ok
23:40:45.0609 1120 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:40:45.0625 1120 MSDTC - ok
23:40:45.0671 1120 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:40:45.0671 1120 Msfs - ok
23:40:45.0671 1120 MSIServer - ok
23:40:45.0734 1120 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:40:45.0734 1120 MSKSSRV - ok
23:40:45.0781 1120 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:40:45.0781 1120 MSPCLOCK - ok
23:40:45.0781 1120 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:40:45.0781 1120 MSPQM - ok
23:40:45.0828 1120 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:40:45.0828 1120 mssmbios - ok
23:40:45.0875 1120 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:40:45.0875 1120 MSTEE - ok
23:40:45.0906 1120 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:40:45.0921 1120 Mup - ok
23:40:45.0953 1120 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:40:45.0968 1120 NABTSFEC - ok
23:40:46.0000 1120 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:40:46.0031 1120 napagent - ok
23:40:46.0078 1120 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:40:46.0078 1120 NDIS - ok
23:40:46.0125 1120 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:40:46.0125 1120 NdisIP - ok
23:40:46.0140 1120 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:40:46.0140 1120 NdisTapi - ok
23:40:46.0187 1120 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:40:46.0187 1120 Ndisuio - ok
23:40:46.0218 1120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:40:46.0218 1120 NdisWan - ok
23:40:46.0250 1120 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:40:46.0250 1120 NDProxy - ok
23:40:46.0296 1120 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:40:46.0296 1120 NetBIOS - ok
23:40:46.0328 1120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:40:46.0343 1120 NetBT - ok
23:40:46.0375 1120 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:40:46.0375 1120 NetDDE - ok
23:40:46.0390 1120 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:40:46.0390 1120 NetDDEdsdm - ok
23:40:46.0437 1120 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:40:46.0437 1120 Netlogon - ok
23:40:46.0484 1120 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:40:46.0484 1120 Netman - ok
23:40:46.0609 1120 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:40:46.0625 1120 NetTcpPortSharing - ok
23:40:46.0671 1120 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:40:46.0687 1120 Nla - ok
23:40:46.0718 1120 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:40:46.0734 1120 Npfs - ok
23:40:46.0781 1120 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:40:46.0812 1120 Ntfs - ok
23:40:46.0828 1120 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:40:46.0828 1120 NtLmSsp - ok
23:40:46.0890 1120 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:40:46.0906 1120 NtmsSvc - ok
23:40:46.0937 1120 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:40:46.0937 1120 Null - ok
23:40:46.0968 1120 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:40:46.0968 1120 NwlnkFlt - ok
23:40:46.0984 1120 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:40:47.0000 1120 NwlnkFwd - ok
23:40:47.0156 1120 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:40:47.0203 1120 odserv - ok
23:40:47.0250 1120 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:40:47.0296 1120 ose - ok
23:40:47.0343 1120 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:40:47.0359 1120 Parport - ok
23:40:47.0375 1120 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:40:47.0375 1120 PartMgr - ok
23:40:47.0421 1120 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:40:47.0421 1120 ParVdm - ok
23:40:47.0437 1120 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:40:47.0437 1120 PCI - ok
23:40:47.0468 1120 PCIDump - ok
23:40:47.0484 1120 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:40:47.0484 1120 PCIIde - ok
23:40:47.0531 1120 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:40:47.0546 1120 Pcmcia - ok
23:40:47.0562 1120 PDCOMP - ok
23:40:47.0578 1120 PDFRAME - ok
23:40:47.0609 1120 PDRELI - ok
23:40:47.0640 1120 PDRFRAME - ok
23:40:47.0656 1120 perc2 - ok
23:40:47.0671 1120 perc2hib - ok
23:40:47.0765 1120 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:40:47.0765 1120 PlugPlay - ok
23:40:47.0796 1120 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:40:47.0796 1120 PolicyAgent - ok
23:40:47.0843 1120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:40:47.0843 1120 PptpMiniport - ok
23:40:47.0859 1120 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:40:47.0859 1120 ProtectedStorage - ok
23:40:47.0890 1120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:40:47.0890 1120 PSched - ok
23:40:47.0921 1120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:40:47.0921 1120 Ptilink - ok
23:40:47.0953 1120 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
23:40:47.0953 1120 PxHelp20 - ok
23:40:47.0968 1120 ql1080 - ok
23:40:48.0000 1120 Ql10wnt - ok
23:40:48.0015 1120 ql12160 - ok
23:40:48.0046 1120 ql1240 - ok
23:40:48.0078 1120 ql1280 - ok
23:40:48.0109 1120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:40:48.0109 1120 RasAcd - ok
23:40:48.0140 1120 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:40:48.0156 1120 RasAuto - ok
23:40:48.0187 1120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:40:48.0203 1120 Rasl2tp - ok
23:40:48.0234 1120 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:40:48.0250 1120 RasMan - ok
23:40:48.0281 1120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:40:48.0296 1120 RasPppoe - ok
23:40:48.0328 1120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:40:48.0328 1120 Raspti - ok
23:40:48.0375 1120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:40:48.0390 1120 Rdbss - ok
23:40:48.0421 1120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:40:48.0421 1120 RDPCDD - ok
23:40:48.0468 1120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:40:48.0484 1120 rdpdr - ok
23:40:48.0531 1120 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:40:48.0531 1120 RDPWD - ok
23:40:48.0593 1120 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:40:48.0640 1120 RDSessMgr - ok
23:40:48.0671 1120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:40:48.0687 1120 redbook - ok
23:40:48.0734 1120 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:40:48.0750 1120 RemoteAccess - ok
23:40:48.0781 1120 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:40:48.0796 1120 RemoteRegistry - ok
23:40:48.0828 1120 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:40:48.0828 1120 RpcLocator - ok
23:40:48.0890 1120 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:40:48.0890 1120 RpcSs - ok
23:40:48.0921 1120 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:40:48.0937 1120 RSVP - ok
23:40:48.0984 1120 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:40:48.0984 1120 SamSs - ok
23:40:49.0031 1120 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:40:49.0046 1120 SCardSvr - ok
23:40:49.0078 1120 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:40:49.0093 1120 Schedule - ok
23:40:49.0109 1120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:40:49.0109 1120 Secdrv - ok
23:40:49.0125 1120 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:40:49.0125 1120 seclogon - ok
23:40:49.0187 1120 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
23:40:49.0203 1120 senfilt - ok
23:40:49.0250 1120 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:40:49.0250 1120 SENS - ok
23:40:49.0281 1120 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:40:49.0281 1120 serenum - ok
23:40:49.0312 1120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:40:49.0312 1120 Serial - ok
23:40:49.0375 1120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:40:49.0375 1120 Sfloppy - ok
23:40:49.0421 1120 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:40:49.0453 1120 SharedAccess - ok
23:40:49.0484 1120 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:40:49.0484 1120 ShellHWDetection - ok
23:40:49.0500 1120 Simbad - ok
23:40:49.0562 1120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:40:49.0562 1120 SLIP - ok
23:40:49.0640 1120 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
23:40:49.0640 1120 smwdm - ok
23:40:49.0718 1120 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
23:40:49.0734 1120 SoundMAX Agent Service (default) - ok
23:40:49.0750 1120 Sparrow - ok
23:40:49.0796 1120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:40:49.0796 1120 splitter - ok
23:40:49.0828 1120 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:40:49.0843 1120 Spooler - ok
23:40:49.0875 1120 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:40:49.0890 1120 Sr - ok
23:40:49.0921 1120 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:40:49.0937 1120 srservice - ok
23:40:49.0984 1120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:40:50.0000 1120 Srv - ok
23:40:50.0031 1120 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:40:50.0046 1120 SSDPSRV - ok
23:40:50.0093 1120 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:40:50.0140 1120 stisvc - ok
23:40:50.0171 1120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:40:50.0171 1120 streamip - ok
23:40:50.0203 1120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:40:50.0203 1120 swenum - ok
23:40:50.0234 1120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:40:50.0250 1120 swmidi - ok
23:40:50.0265 1120 SwPrv - ok
23:40:50.0281 1120 symc810 - ok
23:40:50.0312 1120 symc8xx - ok
23:40:50.0343 1120 sym_hi - ok
23:40:50.0359 1120 sym_u3 - ok
23:40:50.0406 1120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:40:50.0421 1120 sysaudio - ok
23:40:50.0453 1120 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:40:50.0468 1120 SysmonLog - ok
23:40:50.0500 1120 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:40:50.0531 1120 TapiSrv - ok
23:40:50.0562 1120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:40:50.0593 1120 Tcpip - ok
23:40:50.0625 1120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:40:50.0625 1120 TDPIPE - ok
23:40:50.0640 1120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:40:50.0640 1120 TDTCP - ok
23:40:50.0687 1120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:40:50.0687 1120 TermDD - ok
23:40:50.0734 1120 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:40:50.0750 1120 TermService - ok
23:40:50.0781 1120 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:40:50.0781 1120 Themes - ok
23:40:50.0812 1120 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:40:50.0828 1120 TlntSvr - ok
23:40:50.0843 1120 TosIde - ok
23:40:50.0890 1120 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:40:50.0906 1120 TrkWks - ok
23:40:50.0953 1120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:40:50.0953 1120 Udfs - ok
23:40:50.0968 1120 ultra - ok
23:40:51.0062 1120 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
23:40:51.0062 1120 UnlockerDriver5 - ok
23:40:51.0109 1120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:40:51.0125 1120 Update - ok
23:40:51.0171 1120 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:40:51.0187 1120 upnphost - ok
23:40:51.0203 1120 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:40:51.0203 1120 UPS - ok
23:40:51.0265 1120 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:40:51.0265 1120 usbaudio - ok
23:40:51.0312 1120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:40:51.0328 1120 usbccgp - ok
23:40:51.0359 1120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:40:51.0375 1120 usbehci - ok
23:40:51.0421 1120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:40:51.0437 1120 usbhub - ok
23:40:51.0468 1120 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:40:51.0484 1120 usbprint - ok
23:40:51.0515 1120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:40:51.0515 1120 usbscan - ok
23:40:51.0562 1120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:40:51.0578 1120 USBSTOR - ok
23:40:51.0593 1120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:40:51.0593 1120 usbuhci - ok
23:40:51.0656 1120 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:40:51.0656 1120 usbvideo - ok
23:40:51.0703 1120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:40:51.0703 1120 VgaSave - ok
23:40:51.0718 1120 ViaIde - ok
23:40:51.0765 1120 VIAudio (a1abff7b96be4cbe5e902feffb9125d9) C:\WINDOWS\system32\drivers\vinyl97.sys
23:40:51.0765 1120 VIAudio - ok
23:40:51.0796 1120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:40:51.0812 1120 VolSnap - ok
23:40:51.0843 1120 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:40:51.0875 1120 VSS - ok
23:40:51.0906 1120 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:40:51.0921 1120 W32Time - ok
23:40:51.0968 1120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:40:51.0984 1120 Wanarp - ok
23:40:52.0000 1120 WDICA - ok
23:40:52.0062 1120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:40:52.0062 1120 wdmaud - ok
23:40:52.0125 1120 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:40:52.0125 1120 WebClient - ok
23:40:52.0218 1120 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:40:52.0234 1120 winmgmt - ok
23:40:52.0312 1120 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
23:40:52.0328 1120 WmdmPmSN - ok
23:40:52.0390 1120 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:40:52.0421 1120 Wmi - ok
23:40:52.0484 1120 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:40:52.0515 1120 WmiApSrv - ok
23:40:52.0656 1120 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:40:52.0718 1120 WMPNetworkSvc - ok
23:40:52.0765 1120 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:40:52.0781 1120 wscsvc - ok
23:40:52.0828 1120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:40:52.0828 1120 WSTCODEC - ok
23:40:52.0859 1120 wuauserv (d29ad7484b98279ed21877de051a180f) C:\WINDOWS\system32\wuauserv.dll
23:40:52.0937 1120 wuauserv - ok
23:40:53.0000 1120 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:40:53.0000 1120 WudfPf - ok
23:40:53.0031 1120 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:40:53.0046 1120 WudfRd - ok
23:40:53.0062 1120 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:40:53.0078 1120 WudfSvc - ok
23:40:53.0140 1120 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:40:53.0156 1120 WZCSVC - ok
23:40:53.0187 1120 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:40:53.0250 1120 xmlprov - ok
23:40:53.0281 1120 yukonwxp (f44f7f71b3c84f8ee96c3bfd3915c25f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23:40:53.0296 1120 yukonwxp - ok
23:40:53.0359 1120 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:40:53.0843 1120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:40:53.0843 1120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:40:53.0859 1120 Boot (0x1200) (90358af1ed8da4476ea38940126ce1df) \Device\Harddisk0\DR0\Partition0
23:40:53.0859 1120 \Device\Harddisk0\DR0\Partition0 - ok
23:40:53.0875 1120 ============================================================
23:40:53.0875 1120 Scan finished
23:40:53.0875 1120 ============================================================
23:40:53.0906 1212 Detected object count: 1
23:40:53.0906 1212 Actual detected object count: 1
23:41:14.0406 1212 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:41:14.0406 1212 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip




SUPERANTISPYWARE:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/04/2012 at 00:23 AM

Application Version : 5.0.1150

Core Rules Database Version : 8675
Trace Rules Database Version: 6487

Scan type : Complete Scan
Total Scan Time : 00:27:17

Operating System Information
Windows XP Professional 32-bit, Service Pack 3, v.6206 (Build 5.01.2600)
Administrator

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 33206
Registry threats detected : 0
File items scanned : 50871
File threats detected : 98

Adware.Tracking Cookie

Trojan.Agent/Gen-OnlineGames[Wilao]
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\7ZS2519.TMP\PATCHER6.1.EXE
C:\DOCUMENTS AND SETTINGS\XFILES\7ZS2519.TMP\PATCHER6.1.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\7ZS2519.TMP\PATCHER6.1.EXE




MALWAREBYTES ANTI MALWARE:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xfiles :: XFILES-30B472BB [administrator]

Protection: Enabled

6/4/2012 12:50:27 AM
mbam-log-2012-06-04 (00-50-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184498
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Quarantined and deleted successfully.

(end)



Again, thank you sir for helping me out! I am not sure if this resolved my problem because the actual pop-ups happen so randomly during the day. I am hoping that these processes ended the malware this computer had.
I have a quick question though, is it true that the router can be infected by any type of virus? If so, how can I check?
Thank you!

#4 boopme

Posted 03 June 2012 - 01:04 PM

Hello, first I want to say it is highly probable that you infected yourself through a torrent download. That's why they post free things.

Yes, a router can be infected. Generally, if it is and there are other machines on it, they will also share the symptoms.


If it were, you would need to fix it like this...
But since it is not, you should change the default password to prevent it.
Secure my router





The problem is actually based in your router and that in turn is infecting all the other computers on your network.
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.



Now we should run a last look.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
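The post above says malware can change the router's DNS settings and that the ISP can confirm which DNS servers the network should use. As an added example (not part of the original post), this Python sketch compares the DNS servers in saved `ipconfig /all` output against such a confirmed list; the sample output, all addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output (not from the thread). 198.51.100.7 plays
# the resolver that nobody on this network configured.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            198.51.100.7
        Lease Obtained. . . . . . . . . . : Monday, June 04, 2012 9:00:00 AM

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.102
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

# Assumed values: the router's LAN address plus the resolvers the ISP confirmed.
EXPECTED = ["192.168.0.1", "203.0.113.53", "203.0.113.54"]

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")


def _as_ip(text):
    """Parse an IPv4/IPv6 address (dropping any %zone suffix) or return None."""
    try:
        return ipaddress.ip_address(text.split("%", 1)[0])
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None or not line.strip():
            in_dns = False
            continue
        # Extra DNS servers appear on continuation lines with no label. Test
        # for that first: an IPv6 address would otherwise look like "label:".
        extra = _as_ip(line.strip()) if in_dns else None
        if extra is not None:
            adapters[current].append(extra)
            continue
        field = FIELD_RE.match(line)
        if field:
            in_dns = field.group(1).strip().lower() == "dns servers"
            first = _as_ip(field.group(2).strip()) if in_dns else None
            if first is not None:
                adapters[current].append(first)
    return adapters


def audit_dns(ipconfig_text, expected):
    """List (adapter, server) pairs whose DNS server is not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [(adapter, str(server))
            for adapter, servers in parse_dns_servers(ipconfig_text).items()
            for server in servers if server not in allowed]


if __name__ == "__main__":
    for adapter, server in audit_dns(SAMPLE_IPCONFIG, EXPECTED):
        print(f"unexpected DNS server {server} on {adapter}")
```

A PC that lists only the router as its DNS server still depends on the router's own upstream DNS settings, which have to be checked on the router's status page.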

#5 heyronstaaar

Posted 03 June 2012 - 07:54 PM

Hello sir,

The other computer is at the shop, being reformatted (I was trying to get it fixed). Is it possible for it to be infected again once I plug it in at the house? (In case I don't run Malwarebytes? Just asking.) I WILL run the anti-malware you recommended though, just to make sure :busy:

About the D-Link router we have, I DID reset it yesterday and I can reset it again as instructed, but I know that my problem will be logging back in. All of the passwords that are applicable to the newly reset router do not work for some reason (i.e. admin, etc.). How do I go about this so I can make it secure and safe from viruses?

Thank you!

#6 heyronstaaar

Posted 04 June 2012 - 07:01 AM

Sir,

I did reset the D-Link router but now my problem is that it won't let me log in. What do I do now?

#7 boopme

Posted 04 June 2012 - 11:04 AM

Did you change the password?

#8 heyronstaaar

Posted 05 June 2012 - 05:04 AM

I haven't yet, sir. The default password does not work on the computer, and Outlook Express is popping up again :huh: . Sir, how do I go about this? Should I go ahead and follow the instructions above with the second computer?

#9 heyronstaaar

Posted 05 June 2012 - 07:34 AM

& this notification keeps on popping up whenever I leave the computer on \=

postimage.org/image/864fd6en7/

postimage.org/image/67900h9mv/

does this mean the virus is STILL there?? :blink:

#10 heyronstaaar

Posted 05 June 2012 - 07:46 AM

Sir,

Wouldn't it be a good idea if I try to figure out how I can change the settings on the router first, then run Malwarebytes on the second computer?

#11 heyronstaaar

Posted 05 June 2012 - 09:03 AM

Sir,

Great news! I have managed to SECURE my router. Should I now download Malwarebytes on our second computer? So sorry, I didn't quite get how "they will need to be cleared with the above steps before resetting the router" as stated in your previous post.

Please bear with me & thank you for your patience :dance:

#12 heyronstaaar

Posted 05 June 2012 - 10:19 AM

Sir

I ran the ESET scanner and even before after it was completed the Microsoft Outlook popped up then it started beeping :o): ...the scanner did find two threats then proceeded to tell me that they recommend to install ESET security or the NOD32 antivirus

What am I supposed to do now?

#13 boopme

Posted 05 June 2012 - 11:01 AM

It's not a bad idea to scan the others with MBAM, but "they will need to be cleared with the above steps before resetting the router" is only if they were also redirecting.
May I see the ESET log?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.

#14 heyronstaaar

Posted 05 June 2012 - 11:08 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
LASTRELLA :: LASTRELLA-PC [administrator]

Protection: Enabled

6/5/2012 11:31:07 PM
mbam-log-2012-06-05 (23-31-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189758
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Host Process For Windows Services (Backdoor.Agent) -> Data: "C:\Windows\system32\winservices\svchost.exe" -> Quarantined and deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Maintenance (Backdoor.PWin.Gen) -> Data: "C:\Windows\system32\system\svchost.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 heyronstaaar

Posted 05 June 2012 - 11:10 AM

THE qytrew IS BACK and TAKING OVER MY CPU :o



