TechSpot

Virus disables everything Including startbar control panel etc.

By lewis0001
Aug 16, 2011
  1. Ok, I know this is my first post....
    And I am fairly new to all this stuff and may not word things properly.

    I AM USING WINDOWS VISTA HOME PREMIUM :)

    I am currently infected with a virus and have been for around 3 weeks. I have been able to deal with it but now it's got so bad.

    It takes me around 5 minutes to boot up and when I log in I have no taskbar/startbar and I have to use Task Manager and use the Run feature to get onto things such as the internet like now. EVERYTHING I download gets disabled either as it's installing or on the next reboot. I believe it has its own user account called trusted installer o.0
    that is the account that has all the permissions and it has demoted my administrator account to only be able to read/write and execute. (Also I should add when I try to open things that the virus has disabled it says you do not have the privileges to open this file.) I can change the permissions so I have full control but when I reboot it changes back. I REALLY DON'T KNOW WHAT TO DO NOW :'(
    please guys, I need help
    if I have missed anything you need to know please tell me and I will reply to the thread and keep updated on the progress

    THANKS IN ADVANCE!
     
  2. lewis0001

    lewis0001 TS Rookie Topic Starter

    anybody got any help?
     
  3. lewis0001

    lewis0001 TS Rookie Topic Starter

    anybody???????
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Complete as many steps as you can.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. lewis0001

    lewis0001 TS Rookie Topic Starter

    Thanks Broni, I think I may be too far infected... :( it just closes Malwarebytes when I run it..
    I got this from GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-17 11:23:31
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-08
    Running: xgfe70xp.exe; Driver: C:\Users\Lewis\AppData\Local\Temp\fgldrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\mskssr2k.sys ZwEnumerateKey [0x90467ED7]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:264] 83FFAFC0
    Thread System [4:268] 83FFAFC0
    Thread System [4:272] 87581505
    Thread System [4:276] 87581505

    ---- EOF - GMER 1.0.15 ----

    I don't know if that's right or not

    this is my DDS log

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
    Run by Lewis at 11:28:07 on 2011-08-17
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2813.1064 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    "\\.\globalroot\Device\svchost.exe\svchost.exe"
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\lxbkcoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\MPK\mpk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\java.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.hotspotshield.com/g/?c=h
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
    uInternet Settings,ProxyOverride = local
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\mpk.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SS Plugin Class: {f4d5d150-d806-442c-ae1e-172bd4c9dfa8} - c:\windows\bpkwb.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [Application Restart #0] c:\program files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BDWizReg] "c:\program files\bitdefender\bitdefender 2009\bdwizreg.exe" /account
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
    mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malware bytes\mbamgui.exe /install /silent
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mExplorerRun: [Policies] c:\windows\windir\WinUpdate
    StartupFolder: c:\users\lewis\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{001763C1-BDF8-4436-8237-6C0234405D3D} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{85B56A26-4A72-48DB-A59C-0CF0533049A2} : DhcpNameServer = 192.168.22.22 192.168.22.23
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    mASetup: {NVE23150-L8A7-RSA8-8743-77I701528QTC} - c:\windows\windir\WinUpdate Restart
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 HdAudint;HdAudint;c:\windows\system32\drivers\HdAudint.sys [2011-6-6 17408]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-8 459728]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-8-16 28552]
    R0 tos_spex;tos_spex;c:\windows\system32\drivers\tos_spex.sys [2011-6-6 25088]
    R1 mskssr2k;mskssr2k;c:\windows\system32\drivers\mskssr2k.sys [2011-6-6 522240]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-3-14 25896]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-6 136360]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-6 66616]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-1 298824]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
    R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-8-26 94208]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-10-8 7168]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-6 269480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ConfigFree Service;ConfigFree Service;"c:\program files\toshiba\configfree\cfsvcs.exe" --> c:\program files\toshiba\configfree\CFSvcs.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 130560]
    S2 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-19 148520]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-16 1153368]
    S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-22 2331136]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"c:\program files\toshiba\smartlogservice\tosipcsrv.exe" --> c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [?]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 146312]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-14 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-8 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 130560]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
    S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-10-8 79304]
    S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-10-8 35240]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-10-8 33800]
    S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-10-8 40488]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;"c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe" --> c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-17 10:18:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-17 10:18:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 10:18:02 -------- d-----w- c:\program files\Malware bytes
    2011-08-17 01:32:39 -------- d-sh--w- C:\found.000
    2011-08-16 17:35:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-08-16 17:35:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-16 15:07:50 -------- d-----w- c:\users\lewis\appdata\roaming\Franckey
    2011-08-16 13:32:17 -------- d-----w- c:\users\lewis\appdata\local\NPE
    2011-08-16 13:32:17 -------- d-----w- c:\programdata\Norton
    2011-08-15 23:48:12 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-08-15 23:48:07 -------- d-----w- c:\program files\Panda Security
    2011-08-15 23:22:55 -------- d-----w- c:\programdata\hssff
    2011-08-15 21:56:58 -------- d-----w- c:\users\lewis\appdata\roaming\f-secure
    2011-08-15 21:55:41 -------- d-----w- c:\programdata\F-Secure
    2011-08-15 21:25:18 -------- d-----w- c:\program files\ESET
    2011-08-15 21:09:42 -------- d-----w- c:\users\lewis\appdata\local\Mozilla
    2011-08-15 21:00:47 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-08-15 20:49:43 -------- d-----w- c:\users\lewis\appdata\roaming\QuickScan
    2011-08-15 20:41:12 -------- d-----w- c:\users\lewis\appdata\roaming\BitDefender
    2011-08-15 20:40:51 -------- d-----w- c:\programdata\BitDefender
    2011-08-15 20:40:51 -------- d-----w- c:\program files\BitDefender
    2011-08-15 20:39:40 -------- d-----w- c:\program files\common files\BitDefender
    2011-08-15 10:24:13 -------- d-----w- c:\users\lewis\RSCEmulation
    2011-08-15 10:23:48 -------- d-----w- c:\users\lewis\YanilleScape2
    2011-08-15 10:18:45 -------- d-----w- c:\users\lewis\dcv1
    2011-08-15 10:18:29 -------- d-----w- c:\users\lewis\PwnXileHD
    2011-08-15 09:37:24 -------- d-----w- c:\users\lewis\.Rev1X
    2011-08-14 21:53:01 -------- d-----w- c:\users\lewis\NearRealityCachev122
    2011-08-14 21:30:12 -------- d-----w- c:\users\lewis\appdata\roaming\dpker3
    2011-08-14 21:27:21 -------- d-----w- c:\users\lewis\InstinctPKCache
    2011-08-13 21:56:25 -------- d-----r- c:\program files\Skype
    2011-08-12 14:41:56 -------- d-----w- C:\.IntDubPkCacheV3
    2011-08-12 14:40:39 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-12 14:34:04 -------- d-----w- c:\users\lewis\appdata\roaming\Avira
    2011-08-06 15:39:44 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-06 15:39:44 -------- d-----w- c:\programdata\Avira
    2011-08-06 15:39:44 -------- d-----w- c:\program files\Avira
    2011-08-06 15:28:02 -------- d-----w- c:\users\lewis\appdata\roaming\Malwarebytes
    2011-08-06 15:27:39 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-06 15:10:00 0 ----a-w- c:\windows\VDM2758.tmp
    2011-08-06 15:09:51 0 ----a-w- c:\windows\VDM41E.tmp
    2011-08-06 15:09:45 0 ----a-w- c:\windows\VDMEC88.tmp
    2011-08-06 15:09:33 0 ----a-w- c:\windows\VDMBD6A.tmp
    2011-08-06 15:09:30 0 ----a-w- c:\windows\VDMB1A8.tmp
    2011-08-06 15:09:21 0 ----a-w- c:\windows\VDM8E5E.tmp
    2011-08-06 15:09:18 0 ----a-w- c:\windows\VDM829A.tmp
    2011-08-06 15:09:12 0 ----a-w- c:\windows\VDM6B16.tmp
    2011-08-06 15:09:00 0 ----a-w- c:\windows\VDM3C08.tmp
    2011-08-06 15:08:57 0 ----a-w- c:\windows\VDM3047.tmp
    2011-08-06 15:08:49 299520 ----a-w- c:\windows\uninst.exe
    2011-08-06 15:08:48 0 ----a-w- c:\windows\VDMCFE.tmp
    2011-08-06 14:40:39 -------- d-----w- C:\drivers
    2011-08-06 13:20:48 -------- d-----w- c:\program files\Lexmark X1100 Series
    2011-08-04 07:26:10 -------- d-----w- c:\programdata\McAfee Security Scan
    2011-08-04 07:26:02 -------- d-----w- c:\program files\McAfee Security Scan
    2011-08-03 20:19:32 -------- d-----w- c:\users\lewis\appdata\local\Apple Computer
    2011-08-03 15:11:15 -------- d-----w- C:\Netgear
    2011-07-24 21:20:30 -------- d-----w- c:\programdata\UAB
    2011-07-24 21:19:37 -------- d-----w- c:\users\lewis\appdata\local\PC_Drivers_Headquarters
    2011-07-24 20:56:49 -------- d-----w- c:\programdata\Driver Boost
    2011-07-24 20:53:48 -------- d-----w- c:\program files\DriverBoost
    2011-07-24 10:49:29 -------- d-----w- c:\users\lewis\SilGar
    2011-07-24 10:07:19 -------- d-----w- c:\users\lewis\PwnXile
    2011-07-24 09:32:09 -------- d-----w- C:\Hotspot Shield
    2011-07-24 09:32:01 755016 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
    2011-07-24 09:32:00 756552 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-07-24 09:31:53 -------- d-----w- c:\program files\Hotspot Shield
    2011-07-23 14:18:24 -------- d-----w- c:\program files\decomp
    2011-07-23 14:13:59 -------- d-----w- c:\users\lewis\hades5
    2011-07-23 14:04:03 -------- d-----w- c:\users\lewis\appdata\local\Apple
    2011-07-23 13:44:35 -------- d-----w- c:\users\lewis\.roguex_cache
    2011-07-23 12:16:30 14744 ----a-w- c:\users\lewis\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-07-23 12:15:46 -------- d-----w- c:\users\lewis\Tracing
    2011-07-23 11:11:08 -------- d-----w- c:\users\lewis\.RuneMyth_v18
    2011-07-22 20:13:54 -------- d-----w- c:\users\lewis\.jagex_cache_32
    2011-07-22 18:34:59 -------- d-----w- c:\users\lewis\.SSRB2
    2011-07-22 18:33:44 -------- d-----w- c:\users\lewis\RsCache1
    2011-07-22 18:08:05 -------- d-----w- c:\users\lewis\.TRPKCachev3
    2011-07-22 17:54:06 -------- d-----w- c:\users\lewis\firepk3
    2011-07-22 16:41:18 -------- d-----w- c:\users\lewis\helixV2.2
    2011-07-22 11:21:55 -------- d-----w- c:\users\lewis\appdata\local\Adobe
    2011-07-22 08:45:57 -------- d-----w- c:\users\lewis\appdata\roaming\TeamViewer
    2011-07-21 20:53:37 -------- d-----w- c:\users\lewis\appdata\roaming\.minecraft
    2011-07-19 19:52:33 -------- d-----w- c:\users\lewis\appdata\local\Google
    2011-07-19 16:39:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-07-19 16:39:11 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-07-19 16:04:22 -------- d-----w- c:\programdata\AVAST Software
    2011-07-19 16:04:22 -------- d-----w- c:\program files\AVAST Software
    2011-07-19 15:26:47 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-07-19 11:33:01 53248 ----a-w- c:\temp\Process.exe
    2011-07-19 11:32:59 122176 ----a-w- c:\windows\Uninstall_Siemens.EXE
    2011-07-19 11:22:23 -------- d-----w- c:\program files\Orange
    2011-07-19 00:21:46 909312 ----a-w- c:\programdata\defender.exe
    2011-07-18 18:13:32 508032 ----a-w- c:\temp\startuninstall.exe
    2011-07-18 15:56:59 -------- d-----w- C:\Rev1XHD
    2011-07-18 14:53:39 232960 ----a-w- c:\windows\Hbenua.exe
    2011-07-18 14:53:30 62464 --sha-r- c:\windows\system32\sqlwoa8.dll
    2011-07-18 14:47:36 -------- d-----w- c:\programdata\Protexis
    .
    ==================== Find3M ====================
    .
    2011-08-17 10:07:37 820223 ----a-w- c:\windows\system32\cdocache.dll
    2011-08-15 21:14:17 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-08-06 16:49:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-30 20:07:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-06 18:05:37 32 ----a-w- c:\windows\system32\COMMDcom.dat.dll
    2011-06-06 09:11:12 3162112 ----a-w- c:\windows\system32\GDIsvr.EXE
    2011-06-06 09:04:58 17408 ----a-w- c:\windows\system32\drivers\HdAudint.sys
    2011-06-06 09:04:50 522240 ----a-w- c:\windows\system32\drivers\mskssr2k.sys
    2011-06-06 09:03:44 25088 ----a-w- c:\windows\system32\drivers\tos_spex.sys
    2011-06-06 09:00:52 1094144 ----a-w- c:\windows\system32\jscrix86.dll
    2011-06-02 12:59:29 2042368 ----a-w- c:\windows\system32\win32k.sys
    2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
    2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-24 23:40:12 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2011-05-24 23:40:10 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 11:29:10.64 ===============


    AND THIS IS MY ATTACH LOG


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/03/2011 10:46:14
    System Uptime: 17/08/2011 11:07:10 (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 2000/1800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 9.968 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 36.541 GiB free.
    E: is FIXED (NTFS) - 37 GiB total, 31.331 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
    Device ID: USB\VID_0BDA&PID_8197\00E04C000001
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
    PNP Device ID: USB\VID_0BDA&PID_8197\00E04C000001
    Service: RTL8187B
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    #1- Jolt
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Professional CS5.5
    Adobe Photoshop CS5.1
    Adobe Reader 8.1.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Avira AntiVir Personal - Free Antivirus
    BitDefender Free Edition 2009
    Bonjour
    Camera Assistant Software for Toshiba
    CamStudio OSS Desktop Recorder
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    DJ Java Decompiler v.3.11.11.95
    DriverBoost
    DVD MovieFactory for TOSHIBA
    EpicBot
    ESET Online Scanner v3
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 2.06
    InstallIQ Updater
    iTunes
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 25
    Junk Mail filter update
    Keylogger Detector
    LDC Driving Test Complete
    Lexmark X1100 Series
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MinecraftCrack
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    myphotobook 3.6
    Notepad++
    OpenOffice.org Installer 1.0
    Panda ActiveScan 2.0
    PDF Settings CS5
    PHP 5.3.6
    Picasa 2
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    ReCycle Demo 2.1.2
    RuneScape Launcher 1.0.4
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Skins
    Skype™ 5.5
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    T-Mobile Mobile Broadband Manager
    TeamViewer 6
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Manuals
    Toshiba Online Product Information
    TOSHIBA Recovery Disc Creator
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    Toshiba TEMPRO
    TOSHIBA Value Added Package
    TRDCReminder
    TRORDCLauncher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Ventrilo Client
    Viewpoint Media Player
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    WinRAR 4.01 (32-bit)
    YouTube Downloader 3.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/08/2011 11:07:38, Error: EventLog [6008] - The previous system shutdown at 02:12:20 on 17/08/2011 was unexpected.
    17/08/2011 01:10:29, Error: EventLog [6008] - The previous system shutdown at 01:06:43 on 17/08/2011 was unexpected.
    16/08/2011 20:16:52, Error: EventLog [6008] - The previous system shutdown at 20:14:36 on 16/08/2011 was unexpected.
    16/08/2011 20:12:16, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    16/08/2011 20:10:46, Error: EventLog [6008] - The previous system shutdown at 20:09:19 on 16/08/2011 was unexpected.
    16/08/2011 18:14:28, Error: EventLog [6008] - The previous system shutdown at 18:12:45 on 16/08/2011 was unexpected.
    16/08/2011 18:04:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb mskssr2k pavboot spldr ssmdrv tos_spex Wanarpv6
    16/08/2011 18:04:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    16/08/2011 18:03:05, Error: EventLog [6008] - The previous system shutdown at 18:01:00 on 16/08/2011 was unexpected.
    16/08/2011 17:42:04, Error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: Access is denied.
    16/08/2011 17:41:15, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    16/08/2011 17:38:59, Error: Service Control Manager [7023] - The BitDefender Threat Scanner service terminated with the following error: The class is configured to run as a security id different from the caller
    16/08/2011 17:38:50, Error: Service Control Manager [7030] - The BitDefender Desktop Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    16/08/2011 17:35:05, Error: EventLog [6008] - The previous system shutdown at 17:24:03 on 16/08/2011 was unexpected.
    16/08/2011 14:12:49, Error: EventLog [6008] - The previous system shutdown at 14:10:46 on 16/08/2011 was unexpected.
    16/08/2011 10:10:10, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{001763C1-BDF8-4436-8237-6C0234405D3D} because another computer on the network has the same name. The server could not start.
    16/08/2011 10:09:55, Error: EventLog [6008] - The previous system shutdown at 01:39:55 on 16/08/2011 was unexpected.
    16/08/2011 01:37:11, Error: EventLog [6008] - The previous system shutdown at 01:35:17 on 16/08/2011 was unexpected.
    16/08/2011 01:22:27, Error: EventLog [6008] - The previous system shutdown at 01:20:33 on 16/08/2011 was unexpected.
    16/08/2011 00:22:05, Error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: Access is denied.
    16/08/2011 00:20:40, Error: EventLog [6008] - The previous system shutdown at 00:19:15 on 16/08/2011 was unexpected.
    15/08/2011 23:29:26, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    15/08/2011 21:44:56, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    15/08/2011 21:07:47, Error: EventLog [6008] - The previous system shutdown at 20:52:16 on 15/08/2011 was unexpected.
    15/08/2011 20:35:24, Error: EventLog [6008] - The previous system shutdown at 20:30:02 on 15/08/2011 was unexpected.
    15/08/2011 20:30:02, Error: EventLog [6008] - The previous system shutdown at 20:13:44 on 15/08/2011 was unexpected.
    15/08/2011 20:05:53, Error: EventLog [6008] - The previous system shutdown at 20:03:41 on 15/08/2011 was unexpected.
    15/08/2011 20:03:05, Error: EventLog [6008] - The previous system shutdown at 20:00:11 on 15/08/2011 was unexpected.
    15/08/2011 19:59:21, Error: EventLog [6008] - The previous system shutdown at 19:57:54 on 15/08/2011 was unexpected.
    15/08/2011 19:55:04, Error: EventLog [6008] - The previous system shutdown at 19:53:33 on 15/08/2011 was unexpected.
    15/08/2011 17:17:18, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.89.72.24 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.19.47.254 (The DHCP Server sent a DHCPNACK message).
    15/08/2011 17:11:01, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.96.120.18 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.89.79.254 (The DHCP Server sent a DHCPNACK message).
    15/08/2011 17:08:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.78.96.22 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.96.127.254 (The DHCP Server sent a DHCPNACK message).
    15/08/2011 10:32:01, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user LEWISWORK\Lewis SID (S-1-5-21-3035510109-2285219160-2968515914-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    15/08/2011 09:44:42, Error: EventLog [6008] - The previous system shutdown at 00:02:46 on 15/08/2011 was unexpected.
    14/08/2011 23:44:57, Error: EventLog [6008] - The previous system shutdown at 23:42:43 on 14/08/2011 was unexpected.
    14/08/2011 18:39:34, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
    14/08/2011 18:39:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
    14/08/2011 14:43:54, Error: EventLog [6008] - The previous system shutdown at 14:42:46 on 14/08/2011 was unexpected.
    14/08/2011 10:17:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E33750F54 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    14/08/2011 10:17:53, Error: EventLog [6008] - The previous system shutdown at 02:59:21 on 14/08/2011 was unexpected.
    13/08/2011 20:44:31, Error: EventLog [6008] - The previous system shutdown at 20:42:46 on 13/08/2011 was unexpected.
    13/08/2011 20:40:58, Error: EventLog [6008] - The previous system shutdown at 20:38:09 on 13/08/2011 was unexpected.
    12/08/2011 15:54:05, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/08/2011 15:49:12, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    12/08/2011 15:48:29, Error: Service Control Manager [7034] - The lxbk_device service terminated unexpectedly. It has done this 1 time(s).
    12/08/2011 15:45:20, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/08/2011 15:42:33, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/08/2011 15:34:29, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    12/08/2011 15:31:21, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/08/2011 15:30:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    12/08/2011 15:30:19, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:30:19, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:30:19, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:30:12, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    12/08/2011 15:28:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    12/08/2011 15:28:24, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    12/08/2011 15:28:20, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hotspot Shield Monitoring Service service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira AntiVir Guard service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Ulead Burning Helper service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA SMART Log Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Power Saver service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Navi Support Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The SmartFaceVWatchSrv service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Routing Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Monitoring Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The ConfigFree Service service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Ati External Event Utility service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
    12/08/2011 15:28:10, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
    12/08/2011 15:27:55, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    12/08/2011 15:27:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service SmartFaceVWatchSrv with arguments "" in order to run the server: {544EE5C0-F822-456E-9F1C-A575E95AF8FB}
    12/08/2011 15:27:14, Error: EventLog [6008] - The previous system shutdown at 17:35:44 on 09/08/2011 was unexpected.
    .
    ==== End Of File ===========================

    FANKOOO
     
  6. lewis0001

    lewis0001 TS Rookie Topic Starter

    It's killing my computer!! Honestly it's disabling everything :(( help!!!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You did very well.
    You ran as many steps as you could.
    Good job :)

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. lewis0001

    lewis0001 TS Rookie Topic Starter

    2011/08/18 01:11:19.0513 11480 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
    2011/08/18 01:11:19.0804 11480 ================================================================================
    2011/08/18 01:11:19.0804 11480 SystemInfo:
    2011/08/18 01:11:19.0804 11480
    2011/08/18 01:11:19.0804 11480 OS Version: 6.0.6001 ServicePack: 1.0
    2011/08/18 01:11:19.0804 11480 Product type: Workstation
    2011/08/18 01:11:19.0804 11480 ComputerName: LEWISWORK
    2011/08/18 01:11:19.0807 11480 UserName: Lewis
    2011/08/18 01:11:19.0807 11480 Windows directory: C:\Windows
    2011/08/18 01:11:19.0807 11480 System windows directory: C:\Windows
    2011/08/18 01:11:19.0807 11480 Processor architecture: Intel x86
    2011/08/18 01:11:19.0807 11480 Number of processors: 2
    2011/08/18 01:11:19.0807 11480 Page size: 0x1000
    2011/08/18 01:11:19.0807 11480 Boot type: Normal boot
    2011/08/18 01:11:19.0807 11480 ================================================================================
    2011/08/18 01:11:22.0323 11480 Initialize success
    2011/08/18 01:11:25.0352 11608 ================================================================================
    2011/08/18 01:11:25.0352 11608 Scan started
    2011/08/18 01:11:25.0352 11608 Mode: Manual;
    2011/08/18 01:11:25.0352 11608 ================================================================================
    2011/08/18 01:11:31.0648 11608 cdrom (ef00c49d2404c37a320659f70d3b4133) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/08/18 01:11:31.0668 11608 cdrom - detected Rootkit.Win32.ZAccess.e (0)
    2011/08/18 01:11:35.0408 11608 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/08/18 01:11:35.0592 11608 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/08/18 01:11:35.0681 11608 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/08/18 01:11:35.0724 11608 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/08/18 01:11:35.0812 11608 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/08/18 01:11:35.0926 11608 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/08/18 01:11:35.0978 11608 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/08/18 01:11:36.0063 11608 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/08/18 01:11:36.0111 11608 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/08/18 01:11:36.0160 11608 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/08/18 01:11:36.0214 11608 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/08/18 01:11:36.0248 11608 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/08/18 01:11:36.0295 11608 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/08/18 01:11:36.0338 11608 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    2011/08/18 01:11:36.0435 11608 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    2011/08/18 01:11:36.0552 11608 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/08/18 01:11:36.0647 11608 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/08/18 01:11:36.0721 11608 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/08/18 01:11:36.0772 11608 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/08/18 01:11:36.0818 11608 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/08/18 01:11:37.0033 11608 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/08/18 01:11:37.0104 11608 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/08/18 01:11:37.0215 11608 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\Windows\system32\drivers\mfeapfk.sys
    2011/08/18 01:11:37.0295 11608 mfeavfk (21dd45cae791d0cde10631b80f16f653) C:\Windows\system32\drivers\mfeavfk.sys
    2011/08/18 01:11:37.0379 11608 mfebopk (decde1c615c256fa2893b5962b0b91e5) C:\Windows\system32\drivers\mfebopk.sys
    2011/08/18 01:11:37.0475 11608 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\Windows\system32\drivers\mfehidk.sys
    2011/08/18 01:11:37.0576 11608 mferkdk (5f33a57f904b64d1c6a548eca47a8656) C:\Windows\system32\drivers\mferkdk.sys
    2011/08/18 01:11:37.0643 11608 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
    2011/08/18 01:11:37.0761 11608 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/08/18 01:11:37.0822 11608 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/08/18 01:11:37.0947 11608 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/08/18 01:11:38.0015 11608 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/08/18 01:11:38.0070 11608 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/08/18 01:11:38.0139 11608 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
    2011/08/18 01:11:38.0224 11608 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/08/18 01:11:38.0270 11608 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/08/18 01:11:38.0327 11608 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/08/18 01:11:38.0388 11608 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    2011/08/18 01:11:38.0455 11608 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/08/18 01:11:38.0532 11608 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/08/18 01:11:38.0593 11608 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/08/18 01:11:38.0635 11608 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    2011/08/18 01:11:38.0690 11608 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/08/18 01:11:38.0764 11608 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/08/18 01:11:38.0840 11608 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
    2011/08/18 01:11:38.0966 11608 mskssr2k (b24bb3315b738e391b2f70b4283f1aab) C:\Windows\system32\drivers\mskssr2k.sys
    2011/08/18 01:11:39.0046 11608 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/08/18 01:11:39.0102 11608 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/08/18 01:11:39.0147 11608 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/08/18 01:11:39.0193 11608 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    2011/08/18 01:11:39.0236 11608 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/08/18 01:11:39.0287 11608 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/08/18 01:11:39.0340 11608 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    2011/08/18 01:11:39.0459 11608 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/08/18 01:11:39.0576 11608 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    2011/08/18 01:11:39.0646 11608 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/08/18 01:11:39.0691 11608 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/08/18 01:11:39.0792 11608 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/08/18 01:11:39.0836 11608 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/08/18 01:11:39.0883 11608 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/08/18 01:11:39.0939 11608 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    2011/08/18 01:11:40.0108 11608 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/08/18 01:11:40.0316 11608 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    2011/08/18 01:11:40.0500 11608 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/08/18 01:11:40.0588 11608 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    2011/08/18 01:11:40.0688 11608 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/08/18 01:11:40.0749 11608 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/08/18 01:11:40.0807 11608 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/08/18 01:11:40.0864 11608 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/08/18 01:11:40.0927 11608 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/08/18 01:11:41.0076 11608 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/08/18 01:11:41.0172 11608 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/08/18 01:11:41.0220 11608 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    2011/08/18 01:11:41.0281 11608 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/08/18 01:11:41.0351 11608 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
    2011/08/18 01:11:41.0415 11608 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
    2011/08/18 01:11:41.0481 11608 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2011/08/18 01:11:41.0542 11608 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/08/18 01:11:41.0633 11608 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/08/18 01:11:41.0800 11608 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/08/18 01:11:41.0849 11608 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    2011/08/18 01:11:41.0928 11608 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    2011/08/18 01:11:41.0980 11608 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/08/18 01:11:42.0090 11608 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/08/18 01:11:42.0215 11608 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/08/18 01:11:42.0302 11608 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/08/18 01:11:42.0371 11608 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/08/18 01:11:42.0447 11608 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/08/18 01:11:42.0530 11608 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/08/18 01:11:42.0628 11608 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/08/18 01:11:42.0698 11608 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/08/18 01:11:42.0788 11608 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/08/18 01:11:42.0886 11608 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/08/18 01:11:42.0942 11608 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/08/18 01:11:43.0029 11608 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    2011/08/18 01:11:43.0159 11608 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/08/18 01:11:43.0271 11608 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
    2011/08/18 01:11:43.0391 11608 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/08/18 01:11:43.0561 11608 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2011/08/18 01:11:43.0667 11608 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
    2011/08/18 01:11:43.0766 11608 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
    2011/08/18 01:11:43.0823 11608 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/08/18 01:11:44.0001 11608 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/08/18 01:11:44.0075 11608 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/08/18 01:11:44.0142 11608 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/08/18 01:11:44.0188 11608 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/08/18 01:11:44.0275 11608 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/08/18 01:11:44.0326 11608 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/08/18 01:11:44.0388 11608 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/08/18 01:11:44.0436 11608 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/08/18 01:11:44.0546 11608 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/08/18 01:11:44.0610 11608 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/08/18 01:11:44.0671 11608 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/08/18 01:11:44.0822 11608 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    2011/08/18 01:11:44.0912 11608 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/08/18 01:11:45.0032 11608 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    2011/08/18 01:11:45.0144 11608 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
    2011/08/18 01:11:45.0205 11608 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/08/18 01:11:45.0316 11608 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2011/08/18 01:11:45.0424 11608 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
    2011/08/18 01:11:45.0591 11608 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/08/18 01:11:45.0654 11608 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/08/18 01:11:45.0711 11608 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/08/18 01:11:45.0824 11608 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/08/18 01:11:45.0962 11608 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    2011/08/18 01:11:46.0140 11608 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    2011/08/18 01:11:46.0261 11608 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/08/18 01:11:46.0341 11608 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    2011/08/18 01:11:46.0456 11608 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/08/18 01:11:46.0590 11608 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/08/18 01:11:46.0674 11608 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/08/18 01:11:46.0746 11608 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/08/18 01:11:46.0860 11608 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
    2011/08/18 01:11:47.0028 11608 tos_spex (12750d11c0f61e525d480e2dbcd8e42e) C:\Windows\system32\drivers\tos_spex.sys
    2011/08/18 01:11:47.0070 11608 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/08/18 01:11:47.0158 11608 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/08/18 01:11:47.0215 11608 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/08/18 01:11:47.0254 11608 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/08/18 01:11:47.0314 11608 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    2011/08/18 01:11:47.0369 11608 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/08/18 01:11:47.0424 11608 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
    2011/08/18 01:11:47.0534 11608 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/08/18 01:11:47.0630 11608 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/08/18 01:11:47.0700 11608 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/08/18 01:11:47.0767 11608 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/08/18 01:11:47.0824 11608 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/08/18 01:11:47.0915 11608 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
    2011/08/18 01:11:47.0964 11608 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/08/18 01:11:48.0028 11608 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/08/18 01:11:48.0121 11608 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/08/18 01:11:48.0164 11608 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/08/18 01:11:48.0204 11608 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/08/18 01:11:48.0271 11608 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/08/18 01:11:48.0342 11608 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/08/18 01:11:48.0417 11608 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/08/18 01:11:48.0463 11608 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/08/18 01:11:48.0532 11608 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/08/18 01:11:48.0614 11608 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    2011/08/18 01:11:48.0682 11608 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/08/18 01:11:48.0731 11608 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/08/18 01:11:48.0794 11608 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/08/18 01:11:48.0839 11608 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/08/18 01:11:48.0898 11608 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/08/18 01:11:48.0954 11608 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
    2011/08/18 01:11:49.0005 11608 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    2011/08/18 01:11:49.0070 11608 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    2011/08/18 01:11:49.0156 11608 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/08/18 01:11:49.0252 11608 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/08/18 01:11:49.0315 11608 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/18 01:11:49.0340 11608 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/18 01:11:49.0461 11608 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/08/18 01:11:49.0534 11608 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/08/18 01:11:49.0714 11608 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    2011/08/18 01:11:49.0877 11608 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/08/18 01:11:50.0055 11608 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/08/18 01:11:50.0120 11608 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/08/18 01:11:50.0249 11608 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/08/18 01:11:50.0377 11608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/08/18 01:11:50.0456 11608 Boot (0x1200) (b43d1a8bacc7e28ef496d4950908d0ee) \Device\Harddisk0\DR0\Partition0
    2011/08/18 01:11:50.0548 11608 Boot (0x1200) (d02c33a65935ac5967ea4fcf174b144b) \Device\Harddisk0\DR0\Partition1
    2011/08/18 01:11:50.0677 11608 Boot (0x1200) (2c2d63dac8cff9a274c8a6ec3f8a6b3f) \Device\Harddisk0\DR0\Partition2
    2011/08/18 01:11:50.0732 11608 ================================================================================
    2011/08/18 01:11:50.0732 11608 Scan finished
    2011/08/18 01:11:50.0732 11608 ================================================================================
    2011/08/18 01:11:50.0772 11600 Detected object count: 1
    2011/08/18 01:11:50.0772 11600 Actual detected object count: 1
    2011/08/18 01:12:50.0545 11600 cdrom (ef00c49d2404c37a320659f70d3b4133) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/08/18 01:12:50.0547 11600 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
    2011/08/18 01:12:51.0218 11600 Backup copy found, using it..
    2011/08/18 01:12:51.0231 11600 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured after reboot
    2011/08/18 01:12:51.0231 11600 Rootkit.Win32.ZAccess.e(cdrom) - User select action: Cure
    2011/08/18 01:13:13.0921 11468 Deinitialize success
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good job :)

    See if you can update and run MBAM now.
     
  10. lewis0001

    lewis0001 TS Rookie Topic Starter

    What is that? I currently have no background desktop icons or startbar.... I have to run off of Task Manager, the virus's account is called trusted installer and I can't change it... and everything is blocked

    But anyway.. how do I do that?
     
  11. lewis0001

    lewis0001 TS Rookie Topic Starter

    Don't worry, it's Malwarebytes, I get it. It's actually running this time, so far so good.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)..........
     
  13. lewis0001

    lewis0001 TS Rookie Topic Starter

    And here it is... the files scanned was at 190 thousand with 12 infected.. then it stopped going up in files and got about 8000 infected... here's the log
    _________________________________________________________________

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7494

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19088

    18/08/2011 03:27:16
    mbam-log-2011-08-18 (03-27-16).txt

    Scan type: Quick scan
    Objects scanned: 207702
    Time elapsed: 16 minute(s), 56 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 2
    Registry Keys Infected: 9
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 16
    Files Infected: 6547

    Memory Processes Infected:
    c:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> 3200 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.
    c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D5D150-D806-442c-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F4D5D150-D806-442c-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\SS.SS.1 (Spyware.Logger) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\SS.SS (Spyware.Logger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4D5D150-D806-442C-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\MPK\mpk.exe) Good: () -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\3 (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\malformeddb (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\refog keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK (Refog.Keylogger) -> Delete on reboot.
    c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\sy5tw21.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\System32\sqlwoa8.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Local\Temp\7E26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Local\Temp\Hzc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Local\Temp\Hzd.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Local\Temp\Hze.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\Users\Lewis\downloads\camtasia_studio_7_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\Windows\Hbenua.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\sy5tw21.bin\a03175817cb.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Roaming\Userlog.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
    c:\Windows\WinDir\winupdate (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    c:\programdata\MPK\etilqs_4nsbgkiyorvdpvxhqtxr (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\etilqs_jtd8cjsvogd272tu6uqy (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\etilqs_v5owypt5oh15wbqdqqur (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\refog keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
    c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.


    It just carries on about this MPK thing... uhm.. it ended up like 650 thousand characters and I don't really want to post it 7 more times, but it just continues like that.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run MBAM, but this time select "Full scan".
    Post new log.
     
Topic Status:
Not open for further replies.
