
tidserv?


  • This topic is locked
21 replies to this topic

#1 woodsman345

Posted 21 July 2011 - 12:17 PM

New user here, only my 2nd post. Again I apologize for asking something that I should have found the answer to elsewhere but I am still trying to get the hang of things here.
Long story as short as I can make it. Have a notebook harddrive Norton flagged with boot.tidserv when I hooked the drive up to another pc. Repair failed.
I scanned the drive with malware bytes, emsisoft, MSE and picked up a few things but not tidserv.
Today I downloaded all the versions of Rkill downloaded onto a disc from another machine today and applied them and they found nothing. I downloaded super anti spyware today on a 64 bit machine and made a disc but it would not install on the XP machine because it was for a 64 bit..drats ..I wasn't given any options when I downloaded it. Malwarebytes found nothing 2 weeks ago and I couldn't get it to run off the disc that I made today which I loaded into the infected machine.
IE 8 in the infected machine still resets my cookies to accept all when I start IE8 which has been reloaded a couple of times in the last 2 weeks, and I suspect now that it is transmitting unauthorized data if I should go online again and am afraid to do so. Last time online it was redirecting me all the time and I could not connect to windows update.
Hum.
Thanks for any advice and am ready to be taken to the woodshed for being a novice at this site and asking questions that have been hashed over 1000 times.

Woodsman

Edited by woodsman345, 21 July 2011 - 12:36 PM.




#2 Zestypanda

Posted 21 July 2011 - 12:47 PM

What you have is an MBR rootkit, or what some call a bootkit. There are many ways to remove a rootkit, but we need more info before we proceed. Someone higher up will come and either move the post into another section or give you further information on how to remove your infection.
Either way you will be assisted, trust me.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#3 quietman7

Posted 21 July 2011 - 01:40 PM

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 woodsman345


Posted 21 July 2011 - 04:27 PM

Thank you. Here is what I have so far:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2011 4:35:34 PM
mbam-log-2011-07-21 (16-35-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 238445
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
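
Added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the MBAM 1.x log format posted above. It checks what the helper asked for (version, database version and operating system lines present) and that each summary count matches the entries actually listed. The function names and the rule that only an action containing "successfully" counts as resolved are assumptions of this example; `TRUNCATED_LOG` is a constructed variant of the posted log.

```python
import re

# Abbreviated copy of the log posted above (some empty sections left out).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2011 4:35:34 PM
mbam-log-2011-07-21 (16-35-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 238445
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Constructed: the same log pasted without its top portion and with the item
# left unremediated, to show what the checks report.
TRUNCATED_LOG = SAMPLE_LOG[SAMPLE_LOG.index("Scan type:"):].replace(
    "Quarantined and deleted successfully.", "No action taken.")

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADING_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<threat name>) -> ... -> <action>"
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return header fields, summary counts and per-section detections."""
    log = {"product": None, "database": None, "os": None,
           "summary": {}, "items": {}}
    current = None  # detail section we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if current is None and log["product"] is None and line.startswith("Malwarebytes"):
            log["product"] = line
        elif current is None and line.startswith("Database version:"):
            log["database"] = line.split(":", 1)[1].strip()
        elif current is None and log["os"] is None and line.startswith("Windows "):
            log["os"] = line
        elif (m := SUMMARY_RE.match(line)):
            log["summary"][m["section"]] = int(m["count"])
        elif (m := HEADING_RE.match(line)):
            current = m["section"]
            log["items"].setdefault(current, [])
        elif current and (m := ITEM_RE.match(line)):
            log["items"][current].append({
                "section": current,
                "object": m["object"],
                "threat": m["threat"],
                "action": m["rest"].split(" -> ")[-1],
            })
    return log


def review(log):
    """Return (problems, unresolved) for a parsed log."""
    problems = []
    for field, label in (("product", "MBAM version line"),
                         ("database", "database version"),
                         ("os", "operating system line")):
        if not log[field]:
            problems.append(f"missing {label}")
    for section, count in log["summary"].items():
        listed = len(log["items"].get(section, []))
        if listed != count:
            problems.append(f"{section}: summary says {count}, {listed} listed")
    # Assumption: anything not reported as done "successfully" needs follow-up.
    unresolved = [item for items in log["items"].values() for item in items
                  if "successfully" not in item["action"].lower()]
    return problems, unresolved


if __name__ == "__main__":
    for name, text in (("posted log", SAMPLE_LOG), ("truncated log", TRUNCATED_LOG)):
        problems, unresolved = review(parse_mbam_log(text))
        print(name, "->", problems or "complete", "| unresolved:", len(unresolved))
```
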

#5 woodsman345


Posted 21 July 2011 - 05:19 PM

Rootkit.Win32.tdss.td14
Kaspersky TDSSKiller got it. I am amazed and thankful for you guys' help and support.
We'll see now how it acts.
I'll do an sfc /scannow and whatever else it takes to get it running better, it is acting sluggish but at least IE8 doesn't reset the cookies to accept all now.
Thank you,
Woodsman

#6 woodsman345


Posted 21 July 2011 - 06:30 PM

OK I did a defrag, then a file fix in c/properties/tools then I did a sfc /scannow.
Machine is still slow and when I went online, the harddrive lit up solid and was unresponsive even to cntr/alt/del for a good long while.
This is what it started doing originally about 6 months ago. Something is going on when IE starts and I have no clue at the moment. I unplugged the internet connection and let er go till it decided to stop doing whatever it was that it was doing.
Better than it was tho when we started today. I am doing another malware bytes scan at the moment.
Woodsman

#7 quietman7


Posted 21 July 2011 - 07:49 PM

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.

#8 woodsman345


Posted 21 July 2011 - 08:23 PM

Last malware bytes came up clean, here is the last Kaspersky after reboot.

2011/07/21 20:19:12.0325 2284 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/21 20:19:12.0372 2284 ================================================================================
2011/07/21 20:19:12.0372 2284 SystemInfo:
2011/07/21 20:19:12.0372 2284
2011/07/21 20:19:12.0372 2284 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/21 20:19:12.0372 2284 Product type: Workstation
2011/07/21 20:19:12.0372 2284 ComputerName:
2011/07/21 20:19:12.0372 2284 UserName:
2011/07/21 20:19:12.0372 2284 Windows directory: C:\WINDOWS
2011/07/21 20:19:12.0372 2284 System windows directory: C:\WINDOWS
2011/07/21 20:19:12.0372 2284 Processor architecture: Intel x86
2011/07/21 20:19:12.0372 2284 Number of processors: 1
2011/07/21 20:19:12.0372 2284 Page size: 0x1000
2011/07/21 20:19:12.0372 2284 Boot type: Normal boot
2011/07/21 20:19:12.0372 2284 ================================================================================
2011/07/21 20:19:12.0982 2284 Initialize success
2011/07/21 20:19:18.0903 2528 ================================================================================
2011/07/21 20:19:18.0903 2528 Scan started
2011/07/21 20:19:18.0903 2528 Mode: Manual;
2011/07/21 20:19:18.0903 2528 ================================================================================
2011/07/21 20:19:34.0653 2528 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/21 20:19:34.0857 2528 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/21 20:19:34.0888 2528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/21 20:19:34.0982 2528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/21 20:19:35.0091 2528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/21 20:19:35.0216 2528 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/21 20:19:35.0341 2528 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/21 20:19:35.0450 2528 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/21 20:19:35.0497 2528 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/21 20:19:35.0544 2528 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/21 20:19:35.0653 2528 MBR (0x1B8) (81a54cdf8594870d5a1628bc9455fe84) \Device\Harddisk0\DR0
2011/07/21 20:19:35.0685 2528 Boot (0x1200) (66ed8219b5de803fbbde224947a237ae) \Device\Harddisk0\DR0\Partition0
2011/07/21 20:19:35.0716 2528 Boot (0x1200) (63e6bbd9b5b0823dc526486b6fab475a) \Device\Harddisk0\DR0\Partition1
2011/07/21 20:19:35.0732 2528 ================================================================================
2011/07/21 20:19:35.0732 2528 Scan finished
2011/07/21 20:19:35.0732 2528 ================================================================================
2011/07/21 20:19:35.0763 1216 Detected object count: 0
2011/07/21 20:19:35.0763 1216 Actual detected object count: 0
2011/07/21 20:19:46.0435 2296 Deinitialize success

#9 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:01:22 PM

Posted 21 July 2011 - 08:46 PM

Are you still experiencing any slowing or problems after the reboot and re-run of TDSSKiller? Because the log is clean, if you are still experiencing problems then there might be something more going on.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#10 woodsman345


Posted 21 July 2011 - 10:18 PM

I had noticed that the malware kept me from accessing Windows Update, would get "page could not be displayed". I can get there now but had an error saying a dll file was missing for some reason, so I went to another XP machine here and found it and loaded it and all is well with Windows Update now.

It didn't bog down this time around but there is a chance it may have something to do with being low on RAM I am guessing but I am no expert that's for sure. It came with 512 and I never needed much for what I do with the machine, but I am thinking that something takes off and goes once in a while when I open IE and causes it to use the hard drive for RAM if that makes any sense.

I wasn't doing a virus scan when this happened earlier and like I said it takes 2-3 minutes before ctrl/alt/del responds when I want to look at task manager. That bugs me, isn't that supposed to respond rather quickly?

At least it is going again and I thank everyone very much. I had a guy with a shop open it up the other day but he did not have the type of RAM this brick needs and he didn't say what type it is, I'll ask him. Another 512 might be good.

Thanks

#11 Zestypanda


Posted 21 July 2011 - 10:21 PM

When you were able to successfully open task manager, did you see the avg memory usage?


#12 woodsman345


Posted 21 July 2011 - 11:12 PM

When the hard drive was quiet it had about 200K available. I'm pretty sure whatever it is that decides to take off running for what appears to me to be no good reason uses up all the available resources. I need to find out what that is, somehow.
I was able to open up task manager this time around with about a 5 sec delay....which beats a 2-3 minute delay that happens from time to time.
Thanks.

Edited by woodsman345, 21 July 2011 - 11:15 PM.


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:22 PM

Posted 22 July 2011 - 07:44 AM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

Edited by quietman7, 22 July 2011 - 07:44 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#14 woodsman345


Posted 22 July 2011 - 08:12 AM

I'll give it a whirl after a bit quietman. My memory is coming back a little bit...It seems that on a couple of isolated occasions a while back when the hard drive would take off and light up solid and ctrl/alt/del would no longer function for a while, that I was prompted that a script was running slow and do I want to abort?
What the heck is that ?

#15 quietman7


Posted 22 July 2011 - 08:18 AM

What you describe occurs often on my work computer when I have a browser open. The drive spins and the browser freezes until I get the message to stop the script which I do. Sometimes that works, other times I have to close and restart the browser.