Inactive Virus disables everything Including startbar control panel etc.

lewis0001

Ok, I know this is my first post....
And I am fairly new to all this stuff and may not word things properly.

I AM USING WINDOWS VISTA HOME PREMIUM :)

I am currently infected with a virus and have been for around 3 weeks. I have been able to deal with it but now it's got so bad.

It takes me around 5 minutes to boot up and when I log in I have no taskbar/startbar and I have to use Task Manager and use the run feature to get onto things such as the internet like now. EVERYTHING I download gets disabled either as it's installing or on the next reboot. I believe it has its own user account called trusted installer o.0
That is the account that has all the permissions and it has demoted my administrator account to only be able to read/write and execute. (Also I should add when I try to open things that the virus has disabled it says you do not have the privileges to open this file.) I can change the permissions so I have full control but when I reboot it changes back. I REALLY DON'T KNOW WHAT TO DO NOW :'(
Please guys, I need help
If I have missed anything you need to know please tell me and I will reply to the thread and keep updated on the progress

THANKS IN ADVANCE!
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
Complete as many steps as you can.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks Broni, I think I may be too far infected... :( It just closes Malwarebytes when I run it..
I got this from GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-17 11:23:31
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-08
Running: xgfe70xp.exe; Driver: C:\Users\Lewis\AppData\Local\Temp\fgldrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\mskssr2k.sys ZwEnumerateKey [0x90467ED7]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:264] 83FFAFC0
Thread System [4:268] 83FFAFC0
Thread System [4:272] 87581505
Thread System [4:276] 87581505

---- EOF - GMER 1.0.15 ----

I don't know if that's right or not

This is my DDS log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Lewis at 11:28:07 on 2011-08-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2813.1064 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\MPK\mpk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\mpk.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SS Plugin Class: {f4d5d150-d806-442c-ae1e-172bd4c9dfa8} - c:\windows\bpkwb.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Application Restart #0] c:\program files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BDWizReg] "c:\program files\bitdefender\bitdefender 2009\bdwizreg.exe" /account
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malware bytes\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mExplorerRun: [Policies] c:\windows\windir\WinUpdate
StartupFolder: c:\users\lewis\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{001763C1-BDF8-4436-8237-6C0234405D3D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{85B56A26-4A72-48DB-A59C-0CF0533049A2} : DhcpNameServer = 192.168.22.22 192.168.22.23
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {NVE23150-L8A7-RSA8-8743-77I701528QTC} - c:\windows\windir\WinUpdate Restart
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 HdAudint;HdAudint;c:\windows\system32\drivers\HdAudint.sys [2011-6-6 17408]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-8 459728]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-8-16 28552]
R0 tos_spex;tos_spex;c:\windows\system32\drivers\tos_spex.sys [2011-6-6 25088]
R1 mskssr2k;mskssr2k;c:\windows\system32\drivers\mskssr2k.sys [2011-6-6 522240]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-3-14 25896]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-6 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-6 66616]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-8-26 94208]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-10-8 7168]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-6 269480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;"c:\program files\toshiba\configfree\cfsvcs.exe" --> c:\program files\toshiba\configfree\CFSvcs.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 130560]
S2 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-19 148520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-16 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-22 2331136]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"c:\program files\toshiba\smartlogservice\tosipcsrv.exe" --> c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 146312]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-14 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-8 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-27 130560]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-10-8 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-10-8 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-10-8 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-10-8 40488]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;"c:\program files\toshiba\smartfacev\smartfacevwatchsrv.exe" --> c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-17 10:18:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 10:18:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 10:18:02 -------- d-----w- c:\program files\Malware bytes
2011-08-17 01:32:39 -------- d-sh--w- C:\found.000
2011-08-16 17:35:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-16 17:35:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-16 15:07:50 -------- d-----w- c:\users\lewis\appdata\roaming\Franckey
2011-08-16 13:32:17 -------- d-----w- c:\users\lewis\appdata\local\NPE
2011-08-16 13:32:17 -------- d-----w- c:\programdata\Norton
2011-08-15 23:48:12 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-08-15 23:48:07 -------- d-----w- c:\program files\Panda Security
2011-08-15 23:22:55 -------- d-----w- c:\programdata\hssff
2011-08-15 21:56:58 -------- d-----w- c:\users\lewis\appdata\roaming\f-secure
2011-08-15 21:55:41 -------- d-----w- c:\programdata\F-Secure
2011-08-15 21:25:18 -------- d-----w- c:\program files\ESET
2011-08-15 21:09:42 -------- d-----w- c:\users\lewis\appdata\local\Mozilla
2011-08-15 21:00:47 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-15 20:49:43 -------- d-----w- c:\users\lewis\appdata\roaming\QuickScan
2011-08-15 20:41:12 -------- d-----w- c:\users\lewis\appdata\roaming\BitDefender
2011-08-15 20:40:51 -------- d-----w- c:\programdata\BitDefender
2011-08-15 20:40:51 -------- d-----w- c:\program files\BitDefender
2011-08-15 20:39:40 -------- d-----w- c:\program files\common files\BitDefender
2011-08-15 10:24:13 -------- d-----w- c:\users\lewis\RSCEmulation
2011-08-15 10:23:48 -------- d-----w- c:\users\lewis\YanilleScape2
2011-08-15 10:18:45 -------- d-----w- c:\users\lewis\dcv1
2011-08-15 10:18:29 -------- d-----w- c:\users\lewis\PwnXileHD
2011-08-15 09:37:24 -------- d-----w- c:\users\lewis\.Rev1X
2011-08-14 21:53:01 -------- d-----w- c:\users\lewis\NearRealityCachev122
2011-08-14 21:30:12 -------- d-----w- c:\users\lewis\appdata\roaming\dpker3
2011-08-14 21:27:21 -------- d-----w- c:\users\lewis\InstinctPKCache
2011-08-13 21:56:25 -------- d-----r- c:\program files\Skype
2011-08-12 14:41:56 -------- d-----w- C:\.IntDubPkCacheV3
2011-08-12 14:40:39 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-12 14:34:04 -------- d-----w- c:\users\lewis\appdata\roaming\Avira
2011-08-06 15:39:44 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-06 15:39:44 -------- d-----w- c:\programdata\Avira
2011-08-06 15:39:44 -------- d-----w- c:\program files\Avira
2011-08-06 15:28:02 -------- d-----w- c:\users\lewis\appdata\roaming\Malwarebytes
2011-08-06 15:27:39 -------- d-----w- c:\programdata\Malwarebytes
2011-08-06 15:10:00 0 ----a-w- c:\windows\VDM2758.tmp
2011-08-06 15:09:51 0 ----a-w- c:\windows\VDM41E.tmp
2011-08-06 15:09:45 0 ----a-w- c:\windows\VDMEC88.tmp
2011-08-06 15:09:33 0 ----a-w- c:\windows\VDMBD6A.tmp
2011-08-06 15:09:30 0 ----a-w- c:\windows\VDMB1A8.tmp
2011-08-06 15:09:21 0 ----a-w- c:\windows\VDM8E5E.tmp
2011-08-06 15:09:18 0 ----a-w- c:\windows\VDM829A.tmp
2011-08-06 15:09:12 0 ----a-w- c:\windows\VDM6B16.tmp
2011-08-06 15:09:00 0 ----a-w- c:\windows\VDM3C08.tmp
2011-08-06 15:08:57 0 ----a-w- c:\windows\VDM3047.tmp
2011-08-06 15:08:49 299520 ----a-w- c:\windows\uninst.exe
2011-08-06 15:08:48 0 ----a-w- c:\windows\VDMCFE.tmp
2011-08-06 14:40:39 -------- d-----w- C:\drivers
2011-08-06 13:20:48 -------- d-----w- c:\program files\Lexmark X1100 Series
2011-08-04 07:26:10 -------- d-----w- c:\programdata\McAfee Security Scan
2011-08-04 07:26:02 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-03 20:19:32 -------- d-----w- c:\users\lewis\appdata\local\Apple Computer
2011-08-03 15:11:15 -------- d-----w- C:\Netgear
2011-07-24 21:20:30 -------- d-----w- c:\programdata\UAB
2011-07-24 21:19:37 -------- d-----w- c:\users\lewis\appdata\local\PC_Drivers_Headquarters
2011-07-24 20:56:49 -------- d-----w- c:\programdata\Driver Boost
2011-07-24 20:53:48 -------- d-----w- c:\program files\DriverBoost
2011-07-24 10:49:29 -------- d-----w- c:\users\lewis\SilGar
2011-07-24 10:07:19 -------- d-----w- c:\users\lewis\PwnXile
2011-07-24 09:32:09 -------- d-----w- C:\Hotspot Shield
2011-07-24 09:32:01 755016 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-07-24 09:32:00 756552 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-07-24 09:31:53 -------- d-----w- c:\program files\Hotspot Shield
2011-07-23 14:18:24 -------- d-----w- c:\program files\decomp
2011-07-23 14:13:59 -------- d-----w- c:\users\lewis\hades5
2011-07-23 14:04:03 -------- d-----w- c:\users\lewis\appdata\local\Apple
2011-07-23 13:44:35 -------- d-----w- c:\users\lewis\.roguex_cache
2011-07-23 12:16:30 14744 ----a-w- c:\users\lewis\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-07-23 12:15:46 -------- d-----w- c:\users\lewis\Tracing
2011-07-23 11:11:08 -------- d-----w- c:\users\lewis\.RuneMyth_v18
2011-07-22 20:13:54 -------- d-----w- c:\users\lewis\.jagex_cache_32
2011-07-22 18:34:59 -------- d-----w- c:\users\lewis\.SSRB2
2011-07-22 18:33:44 -------- d-----w- c:\users\lewis\RsCache1
2011-07-22 18:08:05 -------- d-----w- c:\users\lewis\.TRPKCachev3
2011-07-22 17:54:06 -------- d-----w- c:\users\lewis\firepk3
2011-07-22 16:41:18 -------- d-----w- c:\users\lewis\helixV2.2
2011-07-22 11:21:55 -------- d-----w- c:\users\lewis\appdata\local\Adobe
2011-07-22 08:45:57 -------- d-----w- c:\users\lewis\appdata\roaming\TeamViewer
2011-07-21 20:53:37 -------- d-----w- c:\users\lewis\appdata\roaming\.minecraft
2011-07-19 19:52:33 -------- d-----w- c:\users\lewis\appdata\local\Google
2011-07-19 16:39:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-19 16:39:11 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-19 16:04:22 -------- d-----w- c:\programdata\AVAST Software
2011-07-19 16:04:22 -------- d-----w- c:\program files\AVAST Software
2011-07-19 15:26:47 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-07-19 11:33:01 53248 ----a-w- c:\temp\Process.exe
2011-07-19 11:32:59 122176 ----a-w- c:\windows\Uninstall_Siemens.EXE
2011-07-19 11:22:23 -------- d-----w- c:\program files\Orange
2011-07-19 00:21:46 909312 ----a-w- c:\programdata\defender.exe
2011-07-18 18:13:32 508032 ----a-w- c:\temp\startuninstall.exe
2011-07-18 15:56:59 -------- d-----w- C:\Rev1XHD
2011-07-18 14:53:39 232960 ----a-w- c:\windows\Hbenua.exe
2011-07-18 14:53:30 62464 --sha-r- c:\windows\system32\sqlwoa8.dll
2011-07-18 14:47:36 -------- d-----w- c:\programdata\Protexis
.
==================== Find3M ====================
.
2011-08-17 10:07:37 820223 ----a-w- c:\windows\system32\cdocache.dll
2011-08-15 21:14:17 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-08-06 16:49:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-30 20:07:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 18:05:37 32 ----a-w- c:\windows\system32\COMMDcom.dat.dll
2011-06-06 09:11:12 3162112 ----a-w- c:\windows\system32\GDIsvr.EXE
2011-06-06 09:04:58 17408 ----a-w- c:\windows\system32\drivers\HdAudint.sys
2011-06-06 09:04:50 522240 ----a-w- c:\windows\system32\drivers\mskssr2k.sys
2011-06-06 09:03:44 25088 ----a-w- c:\windows\system32\drivers\tos_spex.sys
2011-06-06 09:00:52 1094144 ----a-w- c:\windows\system32\jscrix86.dll
2011-06-02 12:59:29 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:40:12 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-05-24 23:40:10 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 11:29:10.64 ===============


AND THIS IS MY ATTACH LOG


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 14/03/2011 10:46:14
System Uptime: 17/08/2011 11:07:10 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 2000/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 9.968 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 36.541 GiB free.
E: is FIXED (NTFS) - 37 GiB total, 31.331 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8197\00E04C000001
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8197\00E04C000001
Service: RTL8187B
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
#1- Jolt
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5.5
Adobe Photoshop CS5.1
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
BitDefender Free Edition 2009
Bonjour
Camera Assistant Software for Toshiba
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
DJ Java Decompiler v.3.11.11.95
DriverBoost
DVD MovieFactory for TOSHIBA
EpicBot
ESET Online Scanner v3
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 2.06
InstallIQ Updater
iTunes
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 25
Junk Mail filter update
Keylogger Detector
LDC Driving Test Complete
Lexmark X1100 Series
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MinecraftCrack
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myphotobook 3.6
Notepad++
OpenOffice.org Installer 1.0
Panda ActiveScan 2.0
PDF Settings CS5
PHP 5.3.6
Picasa 2
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
ReCycle Demo 2.1.2
RuneScape Launcher 1.0.4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Skins
Skype™ 5.5
Spybot - Search & Destroy
Synaptics Pointing Device Driver
T-Mobile Mobile Broadband Manager
TeamViewer 6
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Software Modem
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Viewpoint Media Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
WinRAR 4.01 (32-bit)
YouTube Downloader 3.2
.
==== Event Viewer Messages From Past Week ========
.
17/08/2011 11:07:38, Error: EventLog [6008] - The previous system shutdown at 02:12:20 on 17/08/2011 was unexpected.
17/08/2011 01:10:29, Error: EventLog [6008] - The previous system shutdown at 01:06:43 on 17/08/2011 was unexpected.
16/08/2011 20:16:52, Error: EventLog [6008] - The previous system shutdown at 20:14:36 on 16/08/2011 was unexpected.
16/08/2011 20:12:16, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/08/2011 20:10:46, Error: EventLog [6008] - The previous system shutdown at 20:09:19 on 16/08/2011 was unexpected.
16/08/2011 18:14:28, Error: EventLog [6008] - The previous system shutdown at 18:12:45 on 16/08/2011 was unexpected.
16/08/2011 18:04:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb mskssr2k pavboot spldr ssmdrv tos_spex Wanarpv6
16/08/2011 18:04:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
16/08/2011 18:03:05, Error: EventLog [6008] - The previous system shutdown at 18:01:00 on 16/08/2011 was unexpected.
16/08/2011 17:42:04, Error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: Access is denied.
16/08/2011 17:41:15, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
16/08/2011 17:38:59, Error: Service Control Manager [7023] - The BitDefender Threat Scanner service terminated with the following error: The class is configured to run as a security id different from the caller
16/08/2011 17:38:50, Error: Service Control Manager [7030] - The BitDefender Desktop Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16/08/2011 17:35:05, Error: EventLog [6008] - The previous system shutdown at 17:24:03 on 16/08/2011 was unexpected.
16/08/2011 14:12:49, Error: EventLog [6008] - The previous system shutdown at 14:10:46 on 16/08/2011 was unexpected.
16/08/2011 10:10:10, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{001763C1-BDF8-4436-8237-6C0234405D3D} because another computer on the network has the same name. The server could not start.
16/08/2011 10:09:55, Error: EventLog [6008] - The previous system shutdown at 01:39:55 on 16/08/2011 was unexpected.
16/08/2011 01:37:11, Error: EventLog [6008] - The previous system shutdown at 01:35:17 on 16/08/2011 was unexpected.
16/08/2011 01:22:27, Error: EventLog [6008] - The previous system shutdown at 01:20:33 on 16/08/2011 was unexpected.
16/08/2011 00:22:05, Error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: Access is denied.
16/08/2011 00:20:40, Error: EventLog [6008] - The previous system shutdown at 00:19:15 on 16/08/2011 was unexpected.
15/08/2011 23:29:26, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
15/08/2011 21:44:56, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
15/08/2011 21:07:47, Error: EventLog [6008] - The previous system shutdown at 20:52:16 on 15/08/2011 was unexpected.
15/08/2011 20:35:24, Error: EventLog [6008] - The previous system shutdown at 20:30:02 on 15/08/2011 was unexpected.
15/08/2011 20:30:02, Error: EventLog [6008] - The previous system shutdown at 20:13:44 on 15/08/2011 was unexpected.
15/08/2011 20:05:53, Error: EventLog [6008] - The previous system shutdown at 20:03:41 on 15/08/2011 was unexpected.
15/08/2011 20:03:05, Error: EventLog [6008] - The previous system shutdown at 20:00:11 on 15/08/2011 was unexpected.
15/08/2011 19:59:21, Error: EventLog [6008] - The previous system shutdown at 19:57:54 on 15/08/2011 was unexpected.
15/08/2011 19:55:04, Error: EventLog [6008] - The previous system shutdown at 19:53:33 on 15/08/2011 was unexpected.
15/08/2011 17:17:18, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.89.72.24 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.19.47.254 (The DHCP Server sent a DHCPNACK message).
15/08/2011 17:11:01, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.96.120.18 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.89.79.254 (The DHCP Server sent a DHCPNACK message).
15/08/2011 17:08:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.78.96.22 for the Network Card with network address 00FF4B0966E1 has been denied by the DHCP server 10.96.127.254 (The DHCP Server sent a DHCPNACK message).
15/08/2011 10:32:01, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user LEWISWORK\Lewis SID (S-1-5-21-3035510109-2285219160-2968515914-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/08/2011 09:44:42, Error: EventLog [6008] - The previous system shutdown at 00:02:46 on 15/08/2011 was unexpected.
14/08/2011 23:44:57, Error: EventLog [6008] - The previous system shutdown at 23:42:43 on 14/08/2011 was unexpected.
14/08/2011 18:39:34, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
14/08/2011 18:39:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
14/08/2011 14:43:54, Error: EventLog [6008] - The previous system shutdown at 14:42:46 on 14/08/2011 was unexpected.
14/08/2011 10:17:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E33750F54 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
14/08/2011 10:17:53, Error: EventLog [6008] - The previous system shutdown at 02:59:21 on 14/08/2011 was unexpected.
13/08/2011 20:44:31, Error: EventLog [6008] - The previous system shutdown at 20:42:46 on 13/08/2011 was unexpected.
13/08/2011 20:40:58, Error: EventLog [6008] - The previous system shutdown at 20:38:09 on 13/08/2011 was unexpected.
12/08/2011 15:54:05, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/08/2011 15:49:12, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/08/2011 15:48:29, Error: Service Control Manager [7034] - The lxbk_device service terminated unexpectedly. It has done this 1 time(s).
12/08/2011 15:45:20, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/08/2011 15:42:33, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/08/2011 15:34:29, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
12/08/2011 15:31:21, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/08/2011 15:30:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
12/08/2011 15:30:19, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:30:19, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:30:19, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:30:12, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/08/2011 15:28:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
12/08/2011 15:28:24, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/08/2011 15:28:20, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hotspot Shield Monitoring Service service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira AntiVir Guard service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Ulead Burning Helper service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA SMART Log Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Power Saver service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The TOSHIBA Navi Support Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The SmartFaceVWatchSrv service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Routing Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Hotspot Shield Monitoring Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The ConfigFree Service service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Ati External Event Utility service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2011 15:28:20, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
12/08/2011 15:28:10, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.2. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
12/08/2011 15:27:55, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
12/08/2011 15:27:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service SmartFaceVWatchSrv with arguments "" in order to run the server: {544EE5C0-F822-456E-9F1C-A575E95AF8FB}
12/08/2011 15:27:14, Error: EventLog [6008] - The previous system shutdown at 17:35:44 on 09/08/2011 was unexpected.
.
==== End Of File ===========================

FANKOOO
 
You did very well.
You ran as many steps as you could.
Good job :)

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/08/18 01:11:19.0513 11480 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 01:11:19.0804 11480 ================================================================================
2011/08/18 01:11:19.0804 11480 SystemInfo:
2011/08/18 01:11:19.0804 11480
2011/08/18 01:11:19.0804 11480 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/18 01:11:19.0804 11480 Product type: Workstation
2011/08/18 01:11:19.0804 11480 ComputerName: LEWISWORK
2011/08/18 01:11:19.0807 11480 UserName: Lewis
2011/08/18 01:11:19.0807 11480 Windows directory: C:\Windows
2011/08/18 01:11:19.0807 11480 System windows directory: C:\Windows
2011/08/18 01:11:19.0807 11480 Processor architecture: Intel x86
2011/08/18 01:11:19.0807 11480 Number of processors: 2
2011/08/18 01:11:19.0807 11480 Page size: 0x1000
2011/08/18 01:11:19.0807 11480 Boot type: Normal boot
2011/08/18 01:11:19.0807 11480 ================================================================================
2011/08/18 01:11:22.0323 11480 Initialize success
2011/08/18 01:11:25.0352 11608 ================================================================================
2011/08/18 01:11:25.0352 11608 Scan started
2011/08/18 01:11:25.0352 11608 Mode: Manual;
2011/08/18 01:11:25.0352 11608 ================================================================================
2011/08/18 01:11:28.0851 11608 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/08/18 01:11:28.0933 11608 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/18 01:11:29.0030 11608 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/18 01:11:29.0099 11608 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/18 01:11:29.0159 11608 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/18 01:11:29.0283 11608 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/08/18 01:11:29.0417 11608 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/08/18 01:11:29.0525 11608 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/18 01:11:29.0573 11608 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/18 01:11:29.0626 11608 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/18 01:11:29.0678 11608 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/18 01:11:29.0716 11608 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/18 01:11:29.0761 11608 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/18 01:11:29.0793 11608 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/18 01:11:29.0931 11608 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/18 01:11:29.0988 11608 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/18 01:11:30.0060 11608 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/18 01:11:30.0127 11608 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/08/18 01:11:30.0316 11608 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/18 01:11:30.0436 11608 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/18 01:11:30.0574 11608 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/18 01:11:30.0665 11608 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/18 01:11:30.0822 11608 bdfm (f040e9fff03bc19aff03cb922e131cd7) C:\Windows\system32\drivers\bdfm.sys
2011/08/18 01:11:30.0918 11608 bdfsfltr (d281217152b9fc5774863e70e3fab4d3) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/08/18 01:11:30.0989 11608 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/18 01:11:31.0089 11608 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/18 01:11:31.0187 11608 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/18 01:11:31.0254 11608 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/18 01:11:31.0326 11608 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/18 01:11:31.0375 11608 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/18 01:11:31.0420 11608 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/18 01:11:31.0465 11608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/18 01:11:31.0521 11608 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/18 01:11:31.0566 11608 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/18 01:11:31.0598 11608 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/18 01:11:31.0648 11608 cdrom (ef00c49d2404c37a320659f70d3b4133) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/18 01:11:31.0668 11608 cdrom - detected Rootkit.Win32.ZAccess.e (0)
2011/08/18 01:11:31.0724 11608 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/18 01:11:31.0782 11608 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/08/18 01:11:31.0903 11608 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/18 01:11:31.0950 11608 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/18 01:11:31.0988 11608 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/18 01:11:32.0082 11608 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/18 01:11:32.0141 11608 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/18 01:11:32.0246 11608 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/08/18 01:11:32.0352 11608 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/18 01:11:32.0473 11608 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/18 01:11:32.0550 11608 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/18 01:11:32.0624 11608 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/18 01:11:32.0732 11608 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/08/18 01:11:32.0842 11608 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/18 01:11:32.0951 11608 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/18 01:11:33.0060 11608 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/08/18 01:11:33.0111 11608 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/08/18 01:11:33.0193 11608 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/18 01:11:33.0256 11608 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/18 01:11:33.0316 11608 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/18 01:11:33.0368 11608 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/18 01:11:33.0402 11608 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/08/18 01:11:33.0554 11608 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/18 01:11:33.0605 11608 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/18 01:11:33.0644 11608 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/08/18 01:11:33.0683 11608 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/18 01:11:33.0743 11608 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/18 01:11:34.0232 11608 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/18 01:11:34.0275 11608 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/18 01:11:34.0365 11608 HdAudint (f199eff0c66efa0666ac19cc7e29c624) C:\Windows\system32\drivers\HdAudint.sys
2011/08/18 01:11:34.0425 11608 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/18 01:11:34.0502 11608 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/18 01:11:34.0596 11608 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/18 01:11:34.0652 11608 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/18 01:11:34.0728 11608 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/18 01:11:34.0832 11608 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/18 01:11:34.0950 11608 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/08/18 01:11:35.0110 11608 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/08/18 01:11:35.0173 11608 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/18 01:11:50.0377 11608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/18 01:11:50.0456 11608 Boot (0x1200) (b43d1a8bacc7e28ef496d4950908d0ee) \Device\Harddisk0\DR0\Partition0
2011/08/18 01:11:50.0548 11608 Boot (0x1200) (d02c33a65935ac5967ea4fcf174b144b) \Device\Harddisk0\DR0\Partition1
2011/08/18 01:11:50.0677 11608 Boot (0x1200) (2c2d63dac8cff9a274c8a6ec3f8a6b3f) \Device\Harddisk0\DR0\Partition2
2011/08/18 01:11:50.0732 11608 ================================================================================
2011/08/18 01:11:50.0732 11608 Scan finished
2011/08/18 01:11:50.0732 11608 ================================================================================
2011/08/18 01:11:50.0772 11600 Detected object count: 1
2011/08/18 01:11:50.0772 11600 Actual detected object count: 1
2011/08/18 01:12:50.0545 11600 cdrom (ef00c49d2404c37a320659f70d3b4133) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/18 01:12:50.0547 11600 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
2011/08/18 01:12:51.0218 11600 Backup copy found, using it..
2011/08/18 01:12:51.0231 11600 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured after reboot
2011/08/18 01:12:51.0231 11600 Rootkit.Win32.ZAccess.e(cdrom) - User select action: Cure
2011/08/18 01:13:13.0921 11468 Deinitialize success
 
What is that? I currently have no background desktop icons or startbar.... I have to run off of Task Manager, the virus's account is called trusted installer and I can't change it... and everything is blocked


But anyway.. how do I do that?
 
And here it is... the files scanned was at 190 thousand with 12 infected.. then it stopped going up in files and got about 8000 infected... here's the log
_________________________________________________________________

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7494

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

18/08/2011 03:27:16
mbam-log-2011-08-18 (03-27-16).txt

Scan type: Quick scan
Objects scanned: 207702
Time elapsed: 16 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 16
Files Infected: 6547

Memory Processes Infected:
c:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> 3200 -> Unloaded process successfully.

Memory Modules Infected:
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.
c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{NVE23150-L8A7-RSA8-8743-77I701528QTC} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D5D150-D806-442c-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F4D5D150-D806-442c-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SS.SS.1 (Spyware.Logger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SS.SS (Spyware.Logger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4D5D150-D806-442C-AE1E-172BD4C9DFA8} (Spyware.Logger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\MPK\mpk.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\3 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\malformeddb (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK (Refog.Keylogger) -> Delete on reboot.
c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\sy5tw21.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\sqlwoa8.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\Temp\7E26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\Temp\Hzc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\Temp\Hzd.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\Temp\Hze.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Lewis\downloads\camtasia_studio_7_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\Hbenua.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\sy5tw21.bin\a03175817cb.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\Userlog.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Windows\WinDir\winupdate (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
c:\programdata\MPK\etilqs_4nsbgkiyorvdpvxhqtxr (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\etilqs_jtd8cjsvogd272tu6uqy (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\etilqs_v5owypt5oh15wbqdqqur (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5600087963 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5634809028 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5669528819 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5704249884 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5738970023 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5773690162 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5808411343 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5843131134 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5877852662 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5912572801 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5947292593 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_5982014005 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_6016734491 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_6051454398 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_6086174537 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40742_6120895139 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7510649306 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7545369792 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7580090278 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7614811111 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7649531597 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7684252315 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7718973148 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7753694213 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7788414583 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7823135648 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7857856366 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7892577083 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7927297107 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7962018171 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_7996739005 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40738_8031459259 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1336749306 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1406191088 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1440911343 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1510353009 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1545073843 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1579793750 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1683956250 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1718676852 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1753397107 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1788118171 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1822838889 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40734_1961721412 (Refog.Keylogger) -> Quarantined and deleted successfully.


It just carries on about this mpk thing... uhm.. it ended up like 650 thousand characters and I don't really want to post it 7 more times but it just continues like that
 