slow pc when running internet explorer


16 replies to this topic

#1 hitpro

Posted 01 January 2012 - 02:10 AM

The internet is making my computer operate verrrrry slowly. If I have two or more windows open, it slows to a crawl and sometimes freezes. I open up Task Manager, and under "Processes" the memory usage is very high. With three windows open the values are over 238000, 196000, and 124000, and I'm not on any memory intensive sites either. I made a test yesterday where I had ONE window open. I watched the memory usage rise to over 200000... without doing a thing. The funny thing is the computer runs fine when I'm not surfing.

I tried to defrag, but got a message saying I need a certain percentage of space available to defrag... which I don't.

One last thing. Why does the Task Manager show I have TWO Internet Explorer windows running when I only see one?

Edited by hamluis, 02 January 2012 - 08:36 AM.
Moved from XP to Am I Infected.



#2 WITS

Posted 01 January 2012 - 03:01 AM

What edition of Internet Explorer are you using and are there many add-on/tool-bars installed?
The multiple instances appearing in your task manager could be attributed to the multiple tabs running.
This is also a common occurrence when running a web browser such as Chrome.

#3 Baltboy (BC Advisor)

Posted 01 January 2012 - 09:51 AM

This type of behavior can also be an indicator of certain malware/viruses. Try downloading and running Malwarebytes (full scan). What anti-virus solution and firewall are you using?

#4 hitpro (Topic Starter)

Posted 01 January 2012 - 07:49 PM

Thanks for the replies, guys.

WITS:

I'm running IE 8. I've disabled all add-ons and toolbars with the exception of:
Yahoo Toolbar
Shockwave flash object
XML Dom Document
XML HTTP 6.0
XML HTTP 3.0

And there's only one tab running when I notice two instances of IE.

Baltboy:

I had an older version of Malwarebytes, so I downloaded the latest version. I did a full scan and got a few hits (mostly Registry items). I didn't want to remove anything without assistance, since they're Registry items. I have Avira free and ZoneAlarm.

#5 WITS

Posted 02 January 2012 - 06:24 PM

I'm sorry you are having this issue.
This issue seems to stem from one or more causes, including Norton or McAfee being installed, a memory leak in IE 8 while viewing XML files, and add-ons/toolbars.
My recommendation would be to try running IE 8 without add-ons, see how that works, and then go from there.

#6 hitpro (Topic Starter)

Posted 02 January 2012 - 08:38 PM

Update:

My son was on the computer last night and now I may have a bigger problem (maybe related to my original?).

Now the computer is slow altogether, whether surfing or not. I opened Task Manager and I see multiple instances (10) of svchost.exe. I normally wouldn't see that many, and one particular instance of svchost ramps up the memory usage. Right now, as I type, it is over 495,000 K.

I did another Malwarebytes scan and tried to save the log. I cannot save it for some reason. When I opened the log folder to see if my previous log had been saved, it wasn't there. I guess it didn't save yesterday, so I took a screen shot of the results and attached it to this post. I never removed anything from the scan results because I thought I'd wait for assistance; I didn't want to mess up my Registry.

One last thing. I decided to "end process" on the svchost that was large in order to write this letter, because my computer is extremely slow. As a result of this my Start menu, as well as my taskbar, has changed in style and size.

WITS: I'll try disabling the add-ons and see what happens.
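Ten svchost.exe instances, or one of them ballooning, is not by itself evidence of infection: on XP each svchost.exe hosts a whole group of services, and several instances are normal. What matters is which services each PID is hosting. On XP Professional `tasklist /svc` prints that mapping (XP Home, which this machine runs per the MiniToolBox log later in the thread, does not ship tasklist.exe; Process Explorer shows the same thing). The script below is an added example, not code from the thread or from any tool mentioned in it: it parses constructed `tasklist /svc` output laid out like XP's, including the wrapped continuation lines, groups services by svchost PID, and flags any svchost.exe that hosts no services at all, one cheap triage heuristic. The sample process list is invented for the example. The style change the poster saw after ending the large svchost is consistent with having killed the instance that hosts the Themes service, which drops XP back to the classic look.

```python
"""Triage of `tasklist /svc` output: group svchost.exe instances by PID and
flag ones that host no services.  Added example, not from the original
thread.  SAMPLE_TASKLIST is constructed to resemble Windows XP's
`tasklist /svc` layout, wrapped service lists included."""

import re
from collections import OrderedDict

# Constructed sample (not output from the poster's machine).
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       540 N/A
csrss.exe                      604 N/A
winlogon.exe                   628 N/A
services.exe                   672 Eventlog, PlugPlay
lsass.exe                      684 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                    852 DcomLaunch, TermService
svchost.exe                    932 RpcSs
svchost.exe                   1028 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   dmserver, ERSvc, EventSystem, helpsvc,
                                   lanmanserver, lanmanworkstation, Netman,
                                   RasMan, Schedule, seclogon, SENS,
                                   SharedAccess, ShellHWDetection, srservice,
                                   Themes, TrkWks, W32Time, winmgmt, wuauserv,
                                   WZCSVC
svchost.exe                   1096 Dnscache
svchost.exe                   1156 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                   1844 N/A
explorer.exe                  1720 N/A
svchost.exe                   2280 N/A
"""

# image name (may contain spaces), PID column, then the service list
_ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<svcs>.*)$")


def _split_services(field):
    field = field.strip()
    if not field or field == "N/A":
        return []
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]).

    A line starting with whitespace is a wrapped continuation of the
    previous process's service list and is appended to it.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace():
            if rows:
                rows[-1][2].extend(_split_services(line))
            continue
        m = _ROW.match(line)
        if m:
            rows.append((m.group("image"), int(m.group("pid")),
                         _split_services(m.group("svcs"))))
    return rows


def svchost_report(text):
    """Summarise svchost.exe instances and flag those hosting no services.

    svchost.exe exists only to host service groups, so an instance that
    reports N/A deserves a closer look: a service that just stopped, an
    injected host, or something running under a borrowed name.  The match
    is by exact (case-insensitive) image name, so lookalikes such as
    'scvhost.exe' are not caught here and must be spotted in the full list.
    """
    hosts = [r for r in parse_tasklist_svc(text) if r[0].lower() == "svchost.exe"]
    return {
        "svchost_count": len(hosts),
        "services_by_pid": OrderedDict((pid, svcs) for _, pid, svcs in hosts),
        "suspicious_pids": [pid for _, pid, svcs in hosts if not svcs],
    }


if __name__ == "__main__":
    rep = svchost_report(SAMPLE_TASKLIST)
    print("svchost.exe instances:", rep["svchost_count"])
    for pid, svcs in rep["services_by_pid"].items():
        print(f"  PID {pid:5d}: {', '.join(svcs) or 'N/A'}")
    print("svchost PIDs hosting no services:", rep["suspicious_pids"])
```

On a real machine, pipe `tasklist /svc > tasklist.txt` and pass the file's contents to `svchost_report`; the "no services" list is a starting point for checking each PID's image path and signature, not a verdict.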

#7 WITS

Posted 03 January 2012 - 12:45 AM

Now that the computer is acting sluggish as well, with many svchost instances absorbing much of your system resources, it might be time to run a virus scan.
What AV do you currently have running?

#8 boopme (Global Moderator)

Posted 03 January 2012 - 11:11 PM

Hello, this is normal with IE8. The additional IE processes are created to make Automatic Crash Recovery possible.

I take it the restore previous session or go to home page still happens.
Reboot
One at a time re-enable the add-ons until it re-occurs.
Uninstalling and re-installing the latest version of that add-on should fix it.


Please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#9 hitpro (Topic Starter)

Posted 04 January 2012 - 09:09 PM

Hi. Thanks for replying.

Yes, the restore previous session or go to home page still works... when I have to close because of sluggishness or freezing.

OK, I rebooted, and enabled the add-ons I wanted to keep.

Here's a problem. I cannot open MBAM anymore. I get the error message
"The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?".
When I select "no", I get another message saying
"Product files are missing or corrupt. Please reinstall the product.
PROGRAM_ERROR_LOAD_DATABASE (0,2, SDKCreate)"

Furthermore, I cannot locate my earlier log that I thought I saved. MBAM wouldn't save the log. It went through the motions, but when I opened the folder to look for it, it wasn't there. All my older logs from a previous version were there.

#10 boopme (Global Moderator)

Posted 04 January 2012 - 09:37 PM

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#11 hitpro (Topic Starter)

Posted 05 January 2012 - 10:33 PM

OK, here is the log.

One thing to note: I'm still not able to save it to the default location, but was able to save it to my desktop.




Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bigtimer :: NEWPC [administrator]

1/5/2012 19:53:13
mbam-log-2012-01-05 (21-51-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267243
Time elapsed: 1 hour(s), 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKCR\CLSID\{E856B973-45FD-4559-8F82-EAB539144667} (Adware.Gdown) -> No action taken.
HKCR\TypeLib\{DF058C45-CD18-453e-8745-5A77F60722AB} (Adware.Gdown) -> No action taken.
HKCR\Interface\{B5A33C35-7298-4D15-8753-A2E851E2EAB3} (Adware.Gdown) -> No action taken.
HKCR\GTDOWNDE.GTAutoFixDLCtrl.1 (Adware.Gdown) -> No action taken.
HKCR\GTDOWNDE.GTAutoFixDLCtrl (Adware.Gdown) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken.
C:\WINDOWS\temp\wpbt0.dll (Exploit.Drop) -> No action taken.
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> No action taken.

(end)



One other thing. I don't know if it's because the computer is slowed to a crawl or not, but it won't shut down normally (Start button), so I have to shut it down (or restart) manually.
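Every line in the log above ends in "No action taken", which is why the moderator keeps asking for the complete log rather than a summary: the detections are still on disk and in the registry. As an added example (not from the thread and not MBAM's own code), the script below parses the MBAM 1.x text log format into structured findings, counts them by threat family, and pulls out the PUM.Disabled.SecurityCenter items separately. Those three HKCU\...\Security Center values (AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify) silence XP Security Center's balloon warnings that antivirus, firewall or automatic updates are off; malware sets them so the user is not told protection has been disabled, though a user can also set them by hand, which is why MBAM reports them as a "potentially unwanted modification" rather than as malware. The embedded log is an abbreviated copy of the one posted above.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log into structured findings.
Added example, not part of the original thread and not MBAM's own code.
SAMPLE_LOG is an abbreviated copy of the log posted in the thread."""

import re
from collections import Counter

SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bigtimer :: NEWPC [administrator]

Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKCR\CLSID\{E856B973-45FD-4559-8F82-EAB539144667} (Adware.Gdown) -> No action taken.
HKCR\GTDOWNDE.GTAutoFixDLCtrl (Adware.Gdown) -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 2
C:\WINDOWS\temp\wpbt0.dll (Exploit.Drop) -> No action taken.
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> No action taken.

(end)
"""

_HEADER_KV = re.compile(r"^([A-Za-z ]+): (.+)$")
_SECTION = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
_ITEM = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[A-Za-z0-9._-]+)\)"              # object (Threat.Name)
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"  # registry data items only
    r" -> (?P<action>[^>]+?)\.?$"                                  # what MBAM did
)


def parse_mbam_log(text):
    """Return (header dict, list of finding dicts)."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:                  # still in the preamble
            m = _HEADER_KV.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = _ITEM.match(line)
        if m:
            findings.append(dict(section=section, **m.groupdict()))
    return header, findings


def triage(findings):
    """Group by family, count untouched items, extract Security Center PUMs."""
    families = Counter(f["threat"] for f in findings)
    untouched = sum(1 for f in findings if f["action"].lower().startswith("no action"))
    sec_center = [
        (f["path"].split("|", 1)[-1], f["bad"], f["good"])   # value name, current, expected
        for f in findings
        if f["threat"] == "PUM.Disabled.SecurityCenter"
    ]
    return {"families": families, "untouched": untouched, "security_center": sec_center}


if __name__ == "__main__":
    header, findings = parse_mbam_log(SAMPLE_LOG)
    rep = triage(findings)
    print("Database:", header.get("Database version"), "| scan:", header.get("Scan type"))
    for threat, n in rep["families"].most_common():
        print(f"  {n:2d} x {threat}")
    print("left untouched:", rep["untouched"], "of", len(findings))
    for value, bad, good in rep["security_center"]:
        print(f"  Security Center notification suppressed: {value} = {bad} (expected {good})")
```

Run on the full log posted above it reports 13 findings, all untouched, across five families, with all three Security Center notification values set to 1.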

#12 boopme (Global Moderator)

Posted 06 January 2012 - 01:51 PM

OK, it's most likely malware related. So run these next please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


<<<

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.
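The MiniToolBox checkboxes above are aimed at the usual browser-hijack persistence points: a proxy pushed into IE's settings, hosts-file redirects, a Winsock LSP that sees all socket traffic, and DNS servers changed to ones the attacker controls. Below is an added example (not from the thread and not MiniToolBox's own code) that parses a Result.txt with that section layout and reports those four indicators. The embedded Result.txt is constructed: it copies the section headers seen in the thread but plants findings, uses 198.51.100.0/24 (a documentation range) as the stand-in for a foreign DNS server, and assumes the enabled-proxy case prints "Proxy is enabled." and a "Proxy Server:" line, since the thread only shows the disabled form.

```python
"""Triage a MiniToolBox Result.txt for the indicators its checklist targets.
Added example, not part of the original thread and not MiniToolBox's code.
SAMPLE_RESULT is constructed: same section headers as the thread's log, but
with planted findings (198.51.100.0/24 is a documentation range standing in
for an attacker-controlled DNS server; the "Proxy is enabled." and "Proxy
Server:" lines are an assumed format for the enabled case)."""

import ipaddress
import re

SAMPLE_RESULT = r"""
MiniToolBox by Farbar
Ran by bigtimer (administrator) on 06-01-2012 at 20:07:07
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
127.0.0.1 download.windowsupdate.com

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection:

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 198.51.100.53

198.51.100.54

fec0:0:0:ffff::1%2

Lease Obtained. . . . . . . . . . : Friday, January 06, 2012 19:45:11

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 03 C:\Documents and Settings\All Users\Application Data\lsphook.dll [61440] ()

========================= Event log errors: ===============================

Application errors:
==================
"""

_HEADER = re.compile(r"^=+\s+([^=]+?):?\s+=+$")
_WINSOCK = re.compile(r"^Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>.*)\)$")
_DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*: (?P<ip>\S+)\s*$")
_BARE_IP = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f.:]+)(?:%\d+)?\s*$")

# Address space a DHCP-configured home PC's resolver normally points at.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fec0::/10", "fc00::/7")]


def split_sections(text):
    """Map each '===== Name: =====' header to the lines beneath it."""
    sections, name = {}, "preamble"
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            name = m.group(1).strip()
            sections[name] = []
        else:
            sections.setdefault(name, []).append(line)
    return sections


def is_lan(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)


def triage(text):
    """Return a list of (indicator, detail) tuples worth a second look."""
    s, findings = split_sections(text), []

    proxy = [l.strip() for l in s.get("IE Proxy Settings", []) if l.strip()]
    if proxy and not any(l.startswith("Proxy is not enabled") for l in proxy):
        findings.append(("proxy", "; ".join(proxy)))

    for l in s.get("Hosts content", []):
        parts = l.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] in ("127.0.0.1", "::1") and parts[1:] == ["localhost"]:
            continue                      # the one entry XP ships with
        findings.append(("hosts", l.strip()))

    for l in s.get("Winsock entries", []):
        m = _WINSOCK.match(l.strip())
        if m and ("\\system32\\" not in m.group("path").lower()
                  or m.group("vendor") != "Microsoft Corporation"):
            findings.append(("winsock", f"{m.group('path')} ({m.group('vendor') or 'no vendor'})"))

    dns, collecting = [], False
    for l in s.get("IP Configuration", []):
        m = _DNS_LINE.match(l)
        if m:                             # first server sits on the labelled line
            dns.append(m.group("ip").split("%")[0])
            collecting = True
        elif collecting and l.strip():    # bare continuation lines; blanks ignored
            m = _BARE_IP.match(l)
            if m:
                dns.append(m.group("ip"))
            else:
                collecting = False
    findings.extend(("dns", ip) for ip in dns if not is_lan(ip))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_RESULT):
        print(f"[{kind:7s}] {detail}")
```

Against the Result.txt the poster actually supplied in the next reply this reports nothing: the proxy is off, the hosts file holds only the localhost line, every Winsock entry is a Microsoft DLL in System32, and the resolvers are the 192.168.0.1 gateway plus the fec0:: site-local defaults. A public resolver such as an ISP's would also be flagged by the DNS check, so treat that indicator as "confirm it was set on purpose", not as proof of a hijack.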

#13 hitpro (Topic Starter)

Posted 07 January 2012 - 07:34 AM

OK, here are the logs.

MiniToolBox log:

MiniToolBox by Farbar
Ran by bigtimer (administrator) on 06-01-2012 at 20:07:07
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 M Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
MAC Bridge Miniport = Network Bridge (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Network Bridge"

set address name="Network Bridge" source=dhcp
set dns name="Network Bridge" source=dhcp register=PRIMARY
set wins name="Network Bridge" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : NEWPC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection
Physical Address. . . . . . . . . : 00-07-E9-EF-E1-97
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::207:e9ff:feef:e197%4
Default Gateway . . . . . . . . . : 192.168.0.1
                                    fe80::218:e7ff:fefe:65be%4
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
Lease Obtained. . . . . . . . . . : Friday, January 06, 2012 19:45:11
Lease Expires . . . . . . . . . . : Friday, January 13, 2012 19:45:11

Ethernet adapter Network Bridge:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : MAC Bridge Miniport
Physical Address. . . . . . . . . : F2-E4-79-DD-97-91
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.197.139
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : fe80::f0e4:79ff:fedd:9791%5
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : A9-FE-C5-8B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:169.254.197.139%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-00-0B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.11%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.65.103, 74.125.65.99, 74.125.65.104, 74.125.65.147
74.125.65.106, 74.125.65.105

Pinging google.com [74.125.115.105] with 32 bytes of data:

Reply from 74.125.115.105: bytes=32 time=34ms TTL=51
Reply from 74.125.115.105: bytes=32 time=26ms TTL=51

Ping statistics for 74.125.115.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 34ms, Average = 30ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=72ms TTL=52
Reply from 209.191.122.70: bytes=32 time=77ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 77ms, Average = 74ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 ef e1 97 ...... Intel® PRO/100 M Network Connection - Packet Scheduler Miniport
0x10004 ...f2 e4 79 dd 97 91 ...... MAC Bridge Miniport - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.197.139 169.254.197.139 10
169.254.197.139 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.197.139 169.254.197.139 10
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 20
192.168.0.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.11 192.168.0.11 20
224.0.0.0 240.0.0.0 169.254.197.139 169.254.197.139 10
224.0.0.0 240.0.0.0 192.168.0.11 192.168.0.11 20
255.255.255.255 255.255.255.255 169.254.197.139 169.254.197.139 1
255.255.255.255 255.255.255.255 192.168.0.11 192.168.0.11 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/06/2012 07:52:13 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 07:52:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 07:52:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (01/06/2012 03:07:14 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (01/06/2012 03:03:25 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (01/06/2012 03:03:25 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (01/05/2012 09:54:13 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (01/05/2012 04:00:09 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (01/05/2012 03:57:15 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (01/03/2012 05:50:24 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Error: (01/03/2012 05:50:24 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Error: (01/03/2012 05:48:32 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Error: (01/03/2012 05:48:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Error: (01/03/2012 05:46:41 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/06/2012 07:52:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 07:52:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 07:52:11 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 07:52:08 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (01/06/2012 03:07:14 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/06/2012 03:07:14 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================



"Nero SoundTrax Help (Version: 4.0.15.0)
32 Bit HP CIO Components Installer (Version: 1.0.0)
Ad-Aware SE Personal (Version: 1.06)
Adobe Download Manager (Version: 1.6.2.87)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Advertising Center (Version: 0.0.0.1)
AIO_Scan (Version: 90.0.222.000)
AnswerWorks Runtime
AnyDVD (Version: 6.7.8.0)
Apple Software Update (Version: 2.0.0.21)
ASAPI Update
ATI Control Panel
ATI Display Driver
ATI DVD Decoder 2.1.16.1 (Version: 2.1.16.1)
ATI Multimedia Center 8.1.16.0 (Version: 8.01.0000)
AutoCAD Express Tools - Mechanical Desktop 6
AutoCAD Mechanical 6 Migration Assistance
AVIcodec (remove only)
Avira Free Antivirus (Version: 12.0.0.872)
Banctec Service Agreement (Version: 1.00.0004)
BCM V.92 56K Modem
BitPim 0.9.05 (Version: 0.9.05)
Brother P-touch Quick Editor 2.0 (Version: 2.0.201)
Brother P-touch Software (Version: 1.0.006)
BufferChm (Version: 90.0.146.000)
C7200 (Version: 90.0.222.000)
C7200_doccd (Version: 90.0.222.000)
c7200_Help (Version: 90.0.222.000)
CCleaner (Version: 3.14)
Citi Virtual Account Numbers
CloneDVD2
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Copy (Version: 90.0.146.000)
DAO (Version: 3.5)
DAO (Version: 3.50)
Data Lifeguard Tools
DAVA for Windows CE
DAVA2003 for POCKETPC 2003
dBpowerAMP Mp4 & AAC Decode Codec
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
Dell Picture Studio - Dell Image Expert (Version: 3.4.1)
Dell ResourceCD
Dell Solution Center (Version: 1.00.0000)
Dell Support 5.0.0 (766)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DolbyFiles (Version: 2.0)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDDec (Version: 2.1.16.1)
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
DVDFab 6.2.0.5 (11/11/2009)
DVDFab 8.0.7.3 (29/01/2011)
DVDSentry (Version: 1.00.0001)
Easy CD Creator 5 Basic (Version: 5.3.4.21)
EphPod
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 90.0.146.000)
FLV Player 1.3.3
getPlus®_ocx
Help and Support Customization (Version: 1.00.0000)
HijackThis 2.0.2 (Version: 2.0.2)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Smart Web Printing (Version: 2.15.7.0)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.003)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
ImagXpress (Version: 7.0.74.0)
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II (Version: 2.00.0020)
iPod for Windows User Guide 2.0 (Version: 2.0)
iPod Software Updater (Version: 2.0)
Java™ 6 Update 12 (Version: 6.0.120)
Live 3.0.2
Logitech Media Server 7.7.0 (Version: 7.7.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Mechanical Desktop 6 (Version: 6.3.0.4)
Mechanical Desktop 6 Migration Assistance
Menu Templates - Starter Kit (Version: 9.0.4.0)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MMC81 (Version: 8.01.0000)
Modem Helper
Movie Templates - Starter Kit (Version: 9.0.4.0)
MSN Messenger 5.0 (Version: 5.0.0544)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
MUSICMATCH Jukebox
MyDVD
Nero 9
Nero BurningROM (Version: 9.0.0.0)
Nero BurnRights (Version: 2.99.6.100)
Nero ControlCenter (Version: 0.0.0.1)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.0.5.100)
Nero CoverDesigner Help (Version: 4.0.0.0)
Nero Disc Copy Gadget (Version: 1.53.0.0)
Nero Disc Copy Gadget Help (Version: 2.0.0.0)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DriveSpeed (Version: 3.99.5.105)
Nero Express (Version: 9.0.0.0)
Nero InfoTool (Version: 5.99.5.105)
Nero Installer (Version: 2.0.0.1)
Nero Live (Version: 1.0.164.0)
Nero Live Help (Version: 1.0.162.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 3.53.0.0)
Nero Recode Help (Version: 3.53.0.0)
Nero Rescue Agent (Version: 1.99.0.1)
Nero RescueAgent Help (Version: 1.99.0.1)
Nero ShowTime (Version: 4.99.0.0)
Nero StartSmart (Version: 9.0.10.100)
Nero StartSmart Help (Version: 9.0.0.0)
Nero Vision (Version: 0.0.0.1)
Nero Vision (Version: 6.0.6.100)
Nero WaveEditor (Version: 5.0.18.0)
Nero WaveEditor Help (Version: 5.0.15.0)
NeroBurningROM (Version: 9.0.9.100)
NeroExpress (Version: 9.0.9.100)
neroxml (Version: 1.0.0)
OpenSource Flash Video Splitter (remove only)
Oracle JInitiator 1.3.1.26
Paint Shop Pro 7 (Version: 7.05.0000)
PanoStandAlone (Version: 90.0.146.000)
PowerDVD
PS_AIO_02_ProductContext (Version: 90.0.222.000)
PS_AIO_02_Software (Version: 90.0.222.000)
PS_AIO_02_Software_min (Version: 90.0.222.000)
PSSWCORE (Version: 2.01.0000)
PureVoice (Version: 2.00.004)
QuickTime (Version: 7.2.0.240)
QuickTime Alternative 1.47 (Version: 1.47)
RealPlayer
Reason (Version: 2.5)
Retrospect 6.5 (Version: 6.50.0000)
Roxio VideoWave Movie Creator (Version: 1.6.635.0)
Scan (Version: 9.0.0.0)
Shockwave
SolutionCenter (Version: 90.0.146.000)
Sound Blaster Live!
SoundTrax (Version: 4.0.18.0)
Spybot - Search & Destroy 1.4 (Version: 1.4)
Status (Version: 90.0.146.000)
Steinberg WaveLab v4.00c
SUPERAntiSpyware Free Edition (Version: 4.25.0.1014)
Symantec Network Driver Update (Version: 5.3.2)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
Ultra AutoCAD Tool
UnloadSupport (Version: 9.0.0)
Unlocker 1.8.7 (Version: 1.8.7)
USB Keyboard Device 1.0.1.0
VC 9.0 Runtime (Version: 1.0.0)
VideoToolkit01 (Version: 90.0.146.000)
Viewpoint Media Player (Remove Only)
VLC media player 1.0.5 (Version: 1.0.5)
WD Media Center Driver (Version: 1.8.0.0)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 90.0.146.000)
Whale Communications' Client Components v3.1.3
Winamp (Version: 5.531 )
WinAVIVideoConverter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Toolbar
YouTube Downloader 3.3
YouTube Downloader Toolbar v4.9 (Version: 4.9)
ZoneAlarm Firewall (Version: 10.1.079.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.079.000)
ZoneAlarm Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 766.98 MB
Available physical RAM: 68.12 MB
Total Pagefile: 1410.94 MB
Available Pagefile: 136.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.19 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:111.72 GB) (Free:0.79 GB) NTFS

========================= Users: ========================================

User accounts for \\NEWPC

Administrator ASPNET bigtimer
Guest HelpAssistant queen cee
SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini122911-01.dmp

**** End of log ****

TDSSKiller log:

20:18:21.0640 2776 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:18:23.0656 2776 ============================================================
20:18:23.0656 2776 Current date / time: 2012/01/06 20:18:23.0656
20:18:23.0656 2776 SystemInfo:
20:18:23.0656 2776
20:18:23.0656 2776 OS Version: 5.1.2600 ServicePack: 3.0
20:18:23.0656 2776 Product type: Workstation
20:18:23.0656 2776 ComputerName: NEWPC
20:18:23.0656 2776 UserName: bigtimer
20:18:23.0656 2776 Windows directory: C:\WINDOWS
20:18:23.0656 2776 System windows directory: C:\WINDOWS
20:18:23.0656 2776 Processor architecture: Intel x86
20:18:23.0656 2776 Number of processors: 1
20:18:23.0656 2776 Page size: 0x1000
20:18:23.0656 2776 Boot type: Normal boot
20:18:23.0656 2776 ============================================================
20:18:29.0171 2776 Initialize success
20:18:45.0796 3076 ============================================================
20:18:45.0796 3076 Scan started
20:18:45.0796 3076 Mode: Manual;
20:18:45.0796 3076 ============================================================
20:19:43.0515 3076 rt2870 (678c8fdb9d6094d41f322b7159853c54) C:\WINDOWS\system32\DRIVERS\rt2870.sys
20:19:43.0640 3076 rt2870 - ok
20:19:43.0734 3076 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:19:43.0734 3076 SASDIFSV - ok
20:19:43.0781 3076 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:19:43.0796 3076 SASENUM - ok
20:19:43.0812 3076 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:19:43.0812 3076 SASKUTIL - ok
20:19:43.0906 3076 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
20:19:43.0921 3076 sbp2port - ok
20:19:44.0109 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:19:44.0140 3076 Secdrv - ok
20:19:44.0250 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:19:44.0250 3076 serenum - ok
20:19:44.0328 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:19:44.0328 3076 Serial - ok
20:19:44.0421 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:19:44.0421 3076 Sfloppy - ok
20:19:44.0500 3076 Simbad - ok
20:19:44.0593 3076 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
20:19:44.0625 3076 sisagp - ok
20:19:44.0718 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:19:44.0750 3076 SLIP - ok
20:19:44.0968 3076 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:19:45.0015 3076 SONYPVU1 - ok
20:19:45.0140 3076 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
20:19:45.0187 3076 Sparrow - ok
20:19:45.0265 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:19:45.0265 3076 splitter - ok
20:19:45.0359 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:19:45.0375 3076 sr - ok
20:19:45.0515 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:19:45.0546 3076 Srv - ok
20:19:45.0734 3076 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:19:45.0734 3076 ssmdrv - ok
20:19:45.0859 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:19:45.0906 3076 streamip - ok
20:19:45.0968 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:19:45.0968 3076 swenum - ok
20:19:46.0078 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:19:46.0078 3076 swmidi - ok
20:19:46.0218 3076 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
20:19:46.0250 3076 symc810 - ok
20:19:46.0406 3076 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:19:46.0453 3076 symc8xx - ok
20:19:46.0531 3076 SymEvent - ok
20:19:46.0609 3076 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:19:46.0656 3076 sym_hi - ok
20:19:46.0703 3076 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:19:46.0734 3076 sym_u3 - ok
20:19:46.0843 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:19:46.0843 3076 sysaudio - ok
20:19:47.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:19:47.0031 3076 Tcpip - ok
20:19:47.0437 3076 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:19:47.0515 3076 Tcpip6 - ok
20:19:47.0921 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:19:47.0984 3076 TDPIPE - ok
20:19:48.0062 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:19:48.0140 3076 TDTCP - ok
20:19:48.0218 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:19:48.0234 3076 TermDD - ok
20:19:48.0390 3076 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
20:19:48.0453 3076 TosIde - ok
20:19:48.0562 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:19:48.0578 3076 tunmp - ok
20:19:48.0671 3076 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
20:19:48.0671 3076 UdfReadr_xp - ok
20:19:48.0750 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:19:48.0781 3076 Udfs - ok
20:19:48.0843 3076 UKS11LDR (620ce857a21205399afc47e576a35884) C:\WINDOWS\system32\drivers\uks11ldr.sys
20:19:48.0890 3076 UKS11LDR - ok
20:19:48.0984 3076 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
20:19:49.0031 3076 ultra - ok
20:19:49.0203 3076 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
20:19:49.0265 3076 UnlockerDriver5 - ok
20:19:49.0375 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:19:49.0390 3076 Update - ok
20:19:49.0484 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:19:49.0515 3076 usbccgp - ok
20:19:49.0640 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:19:49.0640 3076 usbehci - ok
20:19:49.0687 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:19:49.0687 3076 usbhub - ok
20:19:49.0796 3076 USBKT1X1 (219e776dfadb932e7f82ac1d8e3f654e) C:\WINDOWS\system32\drivers\usbkt1x1.sys
20:19:49.0843 3076 USBKT1X1 - ok
20:19:49.0921 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:19:49.0937 3076 usbprint - ok
20:19:50.0015 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:19:50.0046 3076 usbscan - ok
20:19:50.0125 3076 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:19:50.0171 3076 usbser - ok
20:19:50.0250 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:19:50.0250 3076 USBSTOR - ok
20:19:50.0296 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:19:50.0312 3076 usbuhci - ok
20:19:50.0375 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:19:50.0375 3076 VgaSave - ok
20:19:50.0468 3076 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
20:19:50.0515 3076 viaagp - ok
20:19:50.0578 3076 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
20:19:50.0625 3076 ViaIde - ok
20:19:50.0687 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:19:50.0734 3076 VolSnap - ok
20:19:50.0843 3076 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) C:\WINDOWS\system32\vsdatant.sys
20:19:50.0890 3076 Vsdatant - ok
20:19:51.0453 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:19:51.0468 3076 Wanarp - ok
20:19:51.0531 3076 wanatw - ok
20:19:51.0671 3076 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:19:51.0687 3076 wceusbsh - ok
20:19:51.0734 3076 WDICA - ok
20:19:51.0781 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:19:51.0796 3076 wdmaud - ok
20:19:51.0937 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:19:51.0984 3076 WSTCODEC - ok
20:19:52.0062 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:19:52.0093 3076 WudfPf - ok
20:19:52.0171 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:19:52.0187 3076 WudfRd - ok
20:19:52.0265 3076 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
20:19:52.0296 3076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:19:52.0296 3076 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:19:52.0343 3076 Boot (0x1200) (562a8c3cb055f0324ae038875988ac2d) \Device\Harddisk0\DR0\Partition0
20:19:52.0343 3076 \Device\Harddisk0\DR0\Partition0 - ok
20:19:52.0343 3076 ============================================================
20:19:52.0343 3076 Scan finished
20:19:52.0343 3076 ============================================================
20:19:52.0359 3212 Detected object count: 1
20:19:52.0359 3212 Actual detected object count: 1
20:21:22.0078 3212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:21:22.0078 3212 \Device\Harddisk0\DR0 - ok
20:21:22.0078 3212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:22:24.0625 2728 Deinitialize success





ESETScan log:

C:\Documents and Settings\bigtimer\Desktop\unlocker1.8.6.exe Win32/Adware.ADON application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\TEMP LEXAR DUMP\FULL_FELIX21.EXE Win32/Joke.ScreenMate application cleaned by deleting - quarantined
C:\Documents and Settings\bigtimer\Desktop\temppppppppp\CertExams[1].Network.Simulator.for.CCNA.v3.00.WinALL-BLiZZARD.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\temppppppppp\DVDFAB5075SG.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\temppppppppp\dvdfab5.0.2.0\DVDFab[1].Plat.5020.F.LD.rar Win32/HackTool.Patcher.A application deleted - quarantined
C:\Documents and Settings\bigtimer\Desktop\temppppppppp\unlocker1[1].8.7\unlocker1.8.7.exe Win32/Adware.ADON application deleted - quarantined
C:\Documents and Settings\bigtimer\My Documents\dvdstuph\DVDFABFPlatinum5075\universal.dvdfab.platinum.5-patch.2.0.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Documents and Settings\bigtimer\My Documents\dvdstuph\slysoft - anydvd-clonedvd\AnyDVD 5[1].9.6.1 May-17-2006.zip probably a variant of Win32/Spy.Agent.ESBBSTG trojan deleted - quarantined
C:\Documents and Settings\bigtimer\My Documents\dvdstuph\slysoft - anydvd-clonedvd\anydvd 5[1].9.6.3.rar probably a variant of Win32/Spy.Agent.ESBBSTG trojan deleted - quarantined
C:\Documents and Settings\bigtimer\My Documents\dvdstuph\slysoft - anydvd-clonedvd\anydvd 6[1].0.1.1.rar probably a variant of Win32/Spy.Agent.ESBBSTG trojan deleted - quarantined
C:\Documents and Settings\bigtimer\My Documents\dvdstuph\slysoft - anydvd-clonedvd\AnyDVD HD 6511\AnyDVD6511BDD.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0Y0OIRC3\vrhnjcyqnyhckbhapbenm[1].jar a variant of Java/Agent.DZ trojan deleted - quarantined
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application deleted - quarantined
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined



notes:
- it looks like the svchost file I posted about in post #6 is no longer as big :)
- Avira was getting hits as I was running the programs. I didn't take any action, just closed that window and let the progs continue.
- Should I delete the ESET files?

thanks

Edited by hitpro, 07 January 2012 - 07:50 AM.

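As an added example (not code from this thread, from the helpers here, or from Kaspersky's TDSSKiller itself), here is a small Python parser for the TDSSKiller log format posted above. It pulls out only what a helper needs to read from a log that long: objects with a verdict other than "ok", the threat names attached to them, whether a cure is still pending reboot, and service entries that got a verdict without a hash/path line (such as "wanatw - ok" above). The sample log is constructed from a handful of lines in the same format as the log above; the record layout and names such as `cure_pending` and `unhashed` are my own.

```python
import re

# Every TDSSKiller log line carries a timestamp and the id of the thread that wrote it.
PREFIX = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+)$")

# An enumerated object: service name (or "MBR (0x1B8)" / "Boot (0x1200)"), its MD5 and its path.
OBJECT = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# A verdict line: "X - ok", "X ( Threat ) - infected", "X - detected Threat (0)",
# "X ( Threat ) - will be cured on reboot", "X ( Threat ) - User select action: Cure".
VERDICT = re.compile(
    r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - "
    r"(?P<verdict>ok|infected|detected (?P<dthreat>\S+).*|will be cured on reboot"
    r"|User select action: .+)$")

# Constructed sample: a few lines in the same format as the TDSSKiller log above.
SAMPLE_LOG = r"""
20:19:47.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:19:47.0031 3076 Tcpip - ok
20:19:51.0531 3076 wanatw - ok
20:19:52.0265 3076 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
20:19:52.0296 3076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:19:52.0296 3076 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:19:52.0343 3076 Boot (0x1200) (562a8c3cb055f0324ae038875988ac2d) \Device\Harddisk0\DR0\Partition0
20:19:52.0343 3076 \Device\Harddisk0\DR0\Partition0 - ok
20:19:52.0343 3076 ============================================================
20:19:52.0343 3076 Scan finished
20:19:52.0359 3212 Detected object count: 1
20:21:22.0078 3212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:21:22.0078 3212 \Device\Harddisk0\DR0 - ok
20:21:22.0078 3212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:22:24.0625 2728 Deinitialize success
"""


def parse_tdsskiller(text):
    """Return {object name: {"md5", "path", "verdicts", "threats"}} for a TDSSKiller log."""
    records = {}
    by_path = {}  # device/file path -> object name, so MBR verdicts join the "MBR (...)" record
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner, blank lines, anything without the timestamp prefix
        body = m.group("body")
        v = VERDICT.match(body)
        if v:
            # Driver verdicts are keyed by service name; MBR/boot verdicts by device path.
            key = by_path.get(v.group("obj"), v.group("obj"))
            rec = records.setdefault(
                key, {"md5": None, "path": None, "verdicts": [], "threats": set()})
            rec["verdicts"].append(v.group("verdict"))
            threat = v.group("threat") or v.group("dthreat")
            if threat:
                rec["threats"].add(threat)
            continue
        o = OBJECT.match(body)
        if o:
            records[o.group("name")] = {"md5": o.group("md5"), "path": o.group("path"),
                                        "verdicts": [], "threats": set()}
            by_path[o.group("path")] = o.group("name")
    return records


def triage(records):
    """Objects with any verdict other than 'ok', plus whether a cure is still waiting on reboot."""
    findings = []
    for name, rec in records.items():
        bad = [v for v in rec["verdicts"] if v != "ok"]
        if not bad:
            continue
        findings.append({
            "object": name, "path": rec["path"], "md5": rec["md5"],
            "threats": sorted(rec["threats"]), "verdicts": bad,
            "cure_pending": any(v.startswith("will be cured") for v in bad),
        })
    return findings


def unhashed(records):
    """Objects that received a verdict but never a hash/path line (e.g. 'wanatw - ok' above)."""
    return sorted(n for n, r in records.items() if r["md5"] is None)


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for f in triage(recs):
        print(f"{f['object']} ({f['path']}): {', '.join(f['threats'])} -> {f['verdicts'][-1]}")
    print("objects without a hashed file:", unhashed(recs))
```

Run against the sample, `triage` reports a single finding, the MBR of `\Device\Harddisk0\DR0` with `Rootkit.Boot.Pihar.b`, whose verdict history ends in "User select action: Cure" with the cure still pending reboot; that matches the need to reboot that boopme points out in the next post. The verdict lines come in pairs keyed differently from the hash line (the MBR is enumerated as "MBR (0x1B8)" but judged by its device path), which is why the parser keeps a path-to-name map.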

#14 boopme (Global Moderator)

Posted 07 January 2012 - 11:15 PM

Yes, remove those ESET files. Let me know how it is after all this.
You did reboot after the TDSS scan; it was needed.

We still have some work to do. I will post it all as it needs to get done.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista) using the F8 method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes) FULL:
Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


>>>>>>>>>>>>>>>>>>>>
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it:

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


Also, I would remove these toolbars if you do not use them:
Yahoo! Toolbar
YouTube Downloader Toolbar v4.9 (Version: 4.9)
ZoneAlarm Toolbar

#15 hitpro (Topic Starter)

Posted 09 January 2012 - 11:14 PM

Removed ESET files. PC's running much better now.
And, yes, I had to reboot after TDSS.


Here are the logs:

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2012 at 09:58 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type : Complete Scan
Total Scan Time : 03:03:09

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 38931
Registry threats detected : 0
File items scanned : 250576
File threats detected : 185

Adware.Tracking Cookie
C:\Documents and Settings\bigtimer\Cookies\PERUEP3P.txt [ /ar.atwola.com ]
C:\Documents and Settings\bigtimer\Cookies\Y0NAG52K.txt [ /travelholdings.112.2o7.net ]
C:\Documents and Settings\bigtimer\Cookies\80I94TFK.txt [ /invitemedia.com ]
C:\Documents and Settings\bigtimer\Cookies\6R3QTNIA.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\bigtimer\Cookies\U9BR80B1.txt [ /adxpose.com ]
C:\Documents and Settings\bigtimer\Cookies\R9UO3XM6.txt [ /collective-media.net ]
C:\Documents and Settings\bigtimer\Cookies\72UYEBWK.txt [ /averydennison.112.2o7.net ]
C:\Documents and Settings\bigtimer\Cookies\FMC6MKZX.txt [ /adinterax.com ]
C:\Documents and Settings\bigtimer\Cookies\9CFR7QLZ.txt [ /serving-sys.com ]
C:\Documents and Settings\bigtimer\Cookies\HIZ06PLS.txt [ /adbrite.com ]
C:\Documents and Settings\bigtimer\Cookies\T397ND2V.txt [ /media6degrees.com ]
C:\Documents and Settings\bigtimer\Cookies\X1HM0UI9.txt [ /dmtracker.com ]
C:\Documents and Settings\bigtimer\Cookies\202V06FR.txt [ /a.intentmedia.net ]
C:\Documents and Settings\bigtimer\Cookies\1I4B5MNI.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\bigtimer\Cookies\YFNIEWS3.txt [ /questionmarket.com ]
C:\Documents and Settings\bigtimer\Cookies\NSSFZF5Q.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\bigtimer\Cookies\J8VXL38A.txt [ /interclick.com ]
C:\Documents and Settings\bigtimer\Cookies\Y8ISBOOZ.txt [ /zedo.com ]
C:\Documents and Settings\bigtimer\Cookies\Q6V5U7XT.txt [ /realmedia.com ]
C:\Documents and Settings\bigtimer\Cookies\6HKQ3RFE.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\bigtimer\Cookies\Y24OFSIH.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\bigtimer\Cookies\XWRPOTKC.txt [ /247realmedia.com ]
C:\Documents and Settings\bigtimer\Cookies\ZYNR9TWI.txt [ /revsci.net ]
C:\Documents and Settings\bigtimer\Cookies\B0PC18CP.txt [ /at.atwola.com ]
C:\Documents and Settings\bigtimer\Cookies\YO1AUTUK.txt [ /mm.chitika.net ]
C:\Documents and Settings\bigtimer\Cookies\UPHT6KWH.txt [ /pro-market.net ]
C:\Documents and Settings\bigtimer\Cookies\CD7XD6G5.txt [ /ads.undertone.com ]
C:\Documents and Settings\bigtimer\Cookies\82LAVCH1.txt [ /bizrate.com ]
C:\Documents and Settings\bigtimer\Cookies\XFZ8FJMA.txt [ /atwola.com ]
C:\Documents and Settings\bigtimer\Cookies\XXW58O0D.txt [ /yieldmanager.net ]
C:\Documents and Settings\bigtimer\Cookies\5IQII4JQ.txt [ /accounts.google.com ]
C:\Documents and Settings\bigtimer\Cookies\GEQP8OK5.txt [ /tribalfusion.com ]
C:\Documents and Settings\bigtimer\Cookies\56KHWDHN.txt [ /casalemedia.com ]
C:\Documents and Settings\bigtimer\Cookies\3OLUP2C0.txt [ /imrworldwide.com ]
C:\Documents and Settings\bigtimer\Cookies\R3105FIU.txt [ /ru4.com ]
C:\Documents and Settings\bigtimer\Cookies\HN4VBVQ7.txt [ /apmebf.com ]
C:\Documents and Settings\bigtimer\Cookies\P31PU816.txt [ /2o7.net ]
C:\Documents and Settings\bigtimer\Cookies\M1HYKHN6.txt [ /specificclick.net ]
C:\Documents and Settings\bigtimer\Cookies\KNV48YRX.txt [ /a1.interclick.com ]
C:\Documents and Settings\bigtimer\Cookies\FJF70CAH.txt [ /akamai.interclickproxy.com ]
C:\DOCUMENTS AND SETTINGS\bigtimer\Cookies\E2K26M9L.txt [ Cookie:bigtimer@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\R7NNUUFV.txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0ZZO07U2.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\53G1XHU1.txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6WHME2MJ.txt [ Cookie:system@www.google.com/adsense/support ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\S4ZDAQAD.txt [ Cookie:system@google.com/adsense/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7LIKM8ZE.txt [ Cookie:system@support.google.com/adsense/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\MOQYYR2H.txt [ Cookie:system@lovecomm.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8D0FH3KC.txt [ Cookie:system@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\EZJYRI9A.txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DW67FEVL.txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HHFGCPQU.txt [ Cookie:system@google.com/intl/en/ads/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AXWP9CSE.txt [ Cookie:system@mediadakine.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ACG4R137.txt [ Cookie:system@eas.apm.emediate.eu/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4JSJ034F.txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XYJUT3BD.txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QLFV36HL.txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DTGGXVCF.txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0JQBTS41.txt [ Cookie:system@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5DC3520H.txt [ Cookie:system@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\74JFGS1Y.txt [ Cookie:system@xml.prostreammedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G7J7860U.txt [ Cookie:system@amazon-adsystem.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5ADJG3GT.txt [ Cookie:system@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G9DHMB5I.txt [ Cookie:system@lfstmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZP0VYMKA.txt [ Cookie:system@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3AN1BCJ4.txt [ Cookie:system@histats.com/stats/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SUKPJSRE.txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\LD7IQ86W.txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1NKHZCYA.txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\Q7SLOG2Q.txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\2K3APIO9.txt [ Cookie:system@www.google.com/adsense/v3/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QDA8470T.txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BUD4B1MT.txt [ Cookie:system@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\X53RVLTD.txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\903IQ2HG.txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\X3N9DARH.txt [ Cookie:system@stevesmithmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\78FX52TZ.txt [ Cookie:system@mediaservices-d.openxenterprise.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\PCCZLC73.txt [ Cookie:system@lokyfind.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4VBXFBCZ.txt [ Cookie:system@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\KSJ3HT1K.txt [ Cookie:system@histats.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\UWWGI0H6.txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\Z3X16XIR.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TGZE9A45.txt [ Cookie:system@citygridmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BV0WT22D.txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZINL6N61.txt [ Cookie:system@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G83BXQXU.txt [ Cookie:system@d.mediadakine.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\58Y1MWGN.txt [ Cookie:system@intfind.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\PGJ5T38U.txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7G27UIHI.txt [ Cookie:system@kanoodle.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZZQ81860.txt [ Cookie:system@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OBU7VAW5.txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HVOKFLXM.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7ZHKBX3A.txt [ Cookie:system@azjmp.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1JJN0329.txt [ Cookie:system@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt155034 ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1F21AZHM.txt [ Cookie:system@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\6IDS1F7I.txt [ Cookie:system@weborama.fr/ ]

MBAM:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bigtimer :: NEWPC [administrator]

1/8/2012 22:08:10
mbam-log-2012-01-08 (22-08-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 441934
Time elapsed: 2 hour(s), 51 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.

(end)




things:
- although it's no big deal for me, there were a couple of the steps you outlined for SAS that didn't quite match what their windows show. maybe the steps are for an older version?
- i didn't see how to disable the JQS service by going to Start > Control Panel > Java > Advanced > Miscellaneous. after Control Panel there is no Java option.
- i uninstalled the youtube downloader toolbar. the Zone Alarm toolbar actually says "ZoneAlarm Security Engine". when i deselect it, it says it's an add-on, and i get another window saying that i can disable the ZoneAlarm Security Engine Registrar as well. i don't know what that means. i don't know if i'll be disabling something important in Zone Alarm. and lastly, i use the yahoo toolbar, so i left it.

