svchost.exe slowing down computer


16 replies to this topic

#1 mgm3494

mgm3494

  • Members
  • 8 posts

Posted 02 January 2012 - 02:45 PM

Hi, I've been dealing with this for a few days now trying to get rid of this "virus". I've run Norton AntiVirus scans, Malwarebytes scans, and SUPERAntiSpyware scans so far. Still, nothing is working. When I open up Task Manager, svchost.exe will slowly rise to the top of the memory usage list; I've seen it over 1,000,000K, and it slows down my computer to the point where I can't open up the Start menu to shut down. Any help would be appreciated! Thanks.
P.S. I'm using my laptop to access this forum but can still use my infected desktop to give you more information on the problem.


#2 mgm3494

mgm3494
  • Topic Starter

  • Members
  • 8 posts

Posted 03 January 2012 - 08:11 PM

I tried this http://www.technibble.com/how-to-fix-svchost-using-100-cpu-memory-leak/ but it didn't seem to help my cause.

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 03 January 2012 - 08:51 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#4 mgm3494

mgm3494
  • Topic Starter

  • Members
  • 8 posts

Posted 03 January 2012 - 10:28 PM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton AntiVirus
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by Owner (administrator) on 03-01-2012 at 19:59:15
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) MDC8021X(9) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar
Ran by Owner (administrator) on 03-01-2012 at 20:00:21
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : RON-1M06XRCF2RB
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-39-EA-04
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Tuesday, January 03, 2012 6:57:19 PM
Lease Expires . . . . . . . . . . : Wednesday, January 04, 2012 6:57:19 PM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.52, 74.125.225.48, 74.125.225.50, 74.125.225.49
74.125.225.51

Pinging google.com [74.125.225.48] with 32 bytes of data:

Reply from 74.125.225.48: bytes=32 time=18ms TTL=51
Reply from 74.125.225.48: bytes=32 time=19ms TTL=51

Ping statistics for 74.125.225.48:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=40ms TTL=55
Reply from 209.191.122.70: bytes=32 time=44ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 44ms, Average = 42ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 39 ea 04 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2012 07:06:21 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (01/01/2012 07:01:55 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/31/2011 11:03:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (12/31/2011 11:03:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (12/31/2011 10:38:50 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1612583200.

Error: (12/31/2011 10:38:32 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2011 10:28:39 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2011 10:28:11 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2011 10:27:15 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2011 10:24:05 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: The MSSQL$MICROSOFTBCM service failed to start due to the following error:
%%1053

Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the MSSQL$MICROSOFTBCM service to connect.

Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error:
%%1053

Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the MBAMService service to connect.

Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%1053

Error: (01/03/2012 07:04:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.

Error: (01/03/2012 06:55:01 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/03/2012 06:53:03 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/03/2012 06:52:51 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/03/2012 06:52:39 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (01/02/2012 07:06:21 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BB

Error: (01/01/2012 07:01:55 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

Error: (12/31/2011 11:03:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (12/31/2011 11:03:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (12/31/2011 10:38:50 PM) (Source: Application Hang)(User: )
Description: -1612583200

Error: (12/31/2011 10:38:32 PM) (Source: Application Hang)(User: )
Description: firefox.exe8.0.0.4325hungapp0.0.0.000000000

Error: (12/31/2011 10:28:39 PM) (Source: Application Hang)(User: )
Description: firefox.exe8.0.0.4325hungapp0.0.0.000000000

Error: (12/31/2011 10:28:11 PM) (Source: Application Hang)(User: )
Description: firefox.exe8.0.0.4325hungapp0.0.0.000000000

Error: (12/31/2011 10:27:15 PM) (Source: Application Hang)(User: )
Description: firefox.exe8.0.0.4325hungapp0.0.0.000000000

Error: (12/31/2011 10:24:05 PM) (Source: Application Hang)(User: )
Description: firefox.exe8.0.0.4325hungapp0.0.0.000000000


=========================== Installed Programs ============================

(Version: 6.9.1)
2570 (Version: 50.0.214.000)
2570_Help (Version: 50.0.214.000)
2570Trb (Version: 50.0.214.000)
2Wire Wireless Client
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.5 (Version: 9.4.5)
AiO_Scan_CDA (Version: 50.0.214.000)
AiOSoftwareNPI (Version: 50.0.214.000)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.1.116)
AT&T Yahoo! High Speed Internet Home Networking Installer
Bing Bar (Version: 7.0.822.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 2.0.4.0)
BufferChm (Version: 53.0.13.000)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
Combat Arms
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Counter-Strike: Source
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Creative MediaSource
Dell ResourceCD
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diablo II
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.15)
DivX Version Checker (Version: 7.1.0.9)
DocProc (Version: 5.2.0.0)
Download Manager 2.3.10 (Version: 2.3.10)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 50.0.214.000)
FirstClass® Client (Version: 9.1 (build 9.126))
Garry's Mod
GIMP 2.6.8
Google Updater (Version: 2.4.2432.1652)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP PSC & OfficeJet 5.3.A
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
jZip
League of Legends (Version: 1.0020)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MLB.TV NexDef Plug-in
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Near Reality (Version: 8.2.0)
NewCopy_CDA (Version: 50.0.214.000)
Nexon Game Manager
Nokia Connectivity Cable Driver (Version: 7.1.23.0)
Norton AntiVirus (Version: 17.9.0.12)
Norton Security Scan (Version: 3.0.1.8)
Pando Media Booster (Version: 2.3.6.0)
PC Connectivity Solution (Version: 9.44.0.3)
ProductContextNPI (Version: 50.0.214.000)
QuickTime (Version: 7.69.80.9)
Readme (Version: 50.0.214.000)
RuneScape (Version: 1.0.7)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Skype™ 4.1 (Version: 4.1.179)
SmartMusic 2011 (Version: 13.0.0)
SolutionCenter (Version: 50.0.152.000)
Sound Blaster Live! 24-bit
SoundMAX
Speccy (Version: 1.12)
SpeedFan (remove only)
Status (Version: 53.0.13.000)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1142)
TI Connect 1.6 (Version: 1.6)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.5 (Version: 1.0.5)
Vuze_Remote Toolbar (Version: )
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 53.0.13.000)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 14.5 (Version: 14.5.9095)
XML Paper Specification Shared Components Pack 1.0
ZapShares 3.6 (Version: 3.6)
ZSMC USB PC Camera (ZS0211) (Version: 2007.04.19)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2045.98 MB
Available physical RAM: 1080.8 MB
Total Pagefile: 2664.2 MB
Available Pagefile: 1506.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.27 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:142.84 GB) NTFS
3 Drive d: (TI-83_TI-84Plus) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: [administrator]

Protection: Disabled

1/3/2012 8:01:54 PM
mbam-log-2012-01-03 (20-01-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214175
Time elapsed: 19 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER wasn't working correctly even in safe mode.

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 03 January 2012 - 10:34 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#6 mgm3494

mgm3494
  • Topic Starter

  • Members
  • 8 posts

Posted 03 January 2012 - 11:36 PM

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-03 21:38:51
-----------------------------
21:38:51.609 OS Version: Windows 5.1.2600 Service Pack 3
21:38:51.609 Number of processors: 2 586 0x304
21:38:51.609 ComputerName: RON-1M06XRCF2RB UserName: Owner
21:38:53.187 Initialize success
21:41:43.015 AVAST engine defs: 12010301
21:42:33.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
21:42:33.796 Disk 0 Vendor: WDC_WD3200JD-00KLB0 08.05J08 Size: 305245MB BusType: 3
21:42:33.796 Device \Driver\atapi -> DriverStartIo 8a4752c6
21:42:33.828 Disk 0 MBR read successfully
21:42:33.828 Disk 0 MBR scan
21:42:34.015 Disk 0 MBR:Pihar-C [Rtk]
21:42:34.015 Disk 0 TDL4@MBR code has been found
21:42:34.015 Disk 0 Windows XP default MBR code found via API
21:42:34.015 Disk 0 MBR hidden
21:42:34.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
21:42:34.046 Disk 0 MBR [TDL4] **ROOTKIT**
21:42:34.046 Disk 0 trace - called modules:
21:42:34.046 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a47549f]<<
21:42:34.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c7ab8]
21:42:34.265 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a597030]
21:42:34.265 \Driver\atapi[0x8a524708] -> IRP_MJ_CREATE -> 0x8a47549f
21:42:35.828 AVAST engine scan C:\WINDOWS
21:42:59.531 AVAST engine scan C:\WINDOWS\system32
21:46:45.203 AVAST engine scan C:\WINDOWS\system32\drivers
21:47:09.468 AVAST engine scan C:\Documents and Settings\Owner
22:11:21.718 File: C:\Documents and Settings\Owner\Desktop\Ron\Local Settings\Temp\twcUpdatePromo.exe **INFECTED** Win32:Malware-gen
22:17:52.500 File: C:\Documents and Settings\Owner\Local Settings\Temp\A566.tmp **INFECTED** Win32:Malware-gen
22:23:58.203 AVAST engine scan C:\Documents and Settings\All Users
22:31:08.390 Scan finished successfully
22:35:08.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:35:08.765 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#7 Broni

Posted 03 January 2012 - 11:41 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#8 mgm3494

Posted 03 January 2012 - 11:49 PM

22:46:11.0593 1316 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:46:12.0109 1316 ============================================================
22:46:12.0109 1316 Current date / time: 2012/01/03 22:46:12.0109
22:46:12.0109 1316 SystemInfo:
22:46:12.0109 1316
22:46:12.0109 1316 OS Version: 5.1.2600 ServicePack: 3.0
22:46:12.0109 1316 Product type: Workstation
22:46:12.0109 1316 ComputerName: RON-1M06XRCF2RB
22:46:12.0125 1316 UserName: Owner
22:46:12.0125 1316 Windows directory: C:\WINDOWS
22:46:12.0125 1316 System windows directory: C:\WINDOWS
22:46:12.0125 1316 Processor architecture: Intel x86
22:46:12.0125 1316 Number of processors: 2
22:46:12.0125 1316 Page size: 0x1000
22:46:12.0125 1316 Boot type: Normal boot
22:46:12.0125 1316 ============================================================
22:46:14.0250 1316 Initialize success
22:46:21.0500 1660 ============================================================
22:46:21.0500 1660 Scan started
22:46:21.0500 1660 Mode: Manual;
22:46:21.0500 1660 ============================================================
22:46:22.0421 1660 Abiosdsk - ok
22:46:22.0453 1660 abp480n5 - ok
22:46:22.0500 1660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:46:22.0515 1660 ACPI - ok
22:46:22.0546 1660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:46:22.0562 1660 ACPIEC - ok
22:46:22.0578 1660 adpu160m - ok
22:46:22.0609 1660 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
22:46:22.0625 1660 aeaudio - ok
22:46:22.0656 1660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:46:22.0687 1660 aec - ok
22:46:22.0734 1660 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:46:22.0750 1660 AFD - ok
22:46:22.0765 1660 Aha154x - ok
22:46:22.0781 1660 aic78u2 - ok
22:46:22.0796 1660 aic78xx - ok
22:46:22.0812 1660 AliIde - ok
22:46:22.0828 1660 amsint - ok
22:46:22.0859 1660 asc - ok
22:46:22.0875 1660 asc3350p - ok
22:46:22.0890 1660 asc3550 - ok
22:46:22.0937 1660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:46:22.0953 1660 AsyncMac - ok
22:46:22.0968 1660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:46:22.0968 1660 atapi - ok
22:46:22.0984 1660 Atdisk - ok
22:46:23.0015 1660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:46:23.0046 1660 Atmarpc - ok
22:46:23.0109 1660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:46:23.0156 1660 audstub - ok
22:46:23.0296 1660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:46:23.0343 1660 Beep - ok
22:46:23.0593 1660 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
22:46:23.0609 1660 BHDrvx86 - ok
22:46:23.0671 1660 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\System32\drivers\bvrp_pci.sys
22:46:23.0703 1660 bvrp_pci - ok
22:46:23.0765 1660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:46:23.0781 1660 cbidf2k - ok
22:46:23.0859 1660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:46:23.0906 1660 CCDECODE - ok
22:46:23.0984 1660 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\WINDOWS\system32\drivers\NAV\1109000.00C\ccHPx86.sys
22:46:24.0031 1660 ccHP - ok
22:46:24.0046 1660 cd20xrnt - ok
22:46:24.0062 1660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:46:24.0078 1660 Cdaudio - ok
22:46:24.0125 1660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:46:24.0140 1660 Cdfs - ok
22:46:24.0156 1660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:46:24.0234 1660 Cdrom - ok
22:46:24.0250 1660 Changer - ok
22:46:24.0281 1660 CmdIde - ok
22:46:24.0312 1660 Cpqarray - ok
22:46:24.0375 1660 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
22:46:24.0390 1660 ctsfm2k - ok
22:46:24.0406 1660 dac2w2k - ok
22:46:24.0421 1660 dac960nt - ok
22:46:24.0468 1660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:46:24.0484 1660 Disk - ok
22:46:24.0531 1660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:46:24.0562 1660 dmboot - ok
22:46:24.0593 1660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:46:24.0609 1660 dmio - ok
22:46:24.0656 1660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:46:24.0703 1660 dmload - ok
22:46:24.0781 1660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:46:24.0796 1660 DMusic - ok
22:46:24.0812 1660 dpti2o - ok
22:46:24.0843 1660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:46:24.0843 1660 drmkaud - ok
22:46:24.0906 1660 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:46:24.0906 1660 E100B - ok
22:46:24.0921 1660 EagleXNt - ok
22:46:25.0031 1660 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:46:25.0078 1660 eeCtrl - ok
22:46:25.0093 1660 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:46:25.0140 1660 EraserUtilRebootDrv - ok
22:46:25.0171 1660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:46:25.0250 1660 Fastfat - ok
22:46:25.0281 1660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:46:25.0296 1660 Fdc - ok
22:46:25.0328 1660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:46:25.0343 1660 Fips - ok
22:46:25.0359 1660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:46:25.0375 1660 Flpydisk - ok
22:46:25.0406 1660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:46:25.0421 1660 FltMgr - ok
22:46:25.0453 1660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:46:25.0468 1660 Fs_Rec - ok
22:46:25.0500 1660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:46:25.0515 1660 Ftdisk - ok
22:46:25.0546 1660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:46:25.0562 1660 GEARAspiWDM - ok
22:46:25.0593 1660 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
22:46:25.0656 1660 giveio - ok
22:46:25.0734 1660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:46:25.0750 1660 Gpc - ok
22:46:25.0781 1660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:46:25.0796 1660 HidUsb - ok
22:46:25.0812 1660 hpn - ok
22:46:25.0859 1660 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:46:25.0890 1660 HPZid412 - ok
22:46:25.0921 1660 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:46:25.0937 1660 HPZipr12 - ok
22:46:25.0968 1660 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:46:25.0984 1660 HPZius12 - ok
22:46:26.0031 1660 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:46:26.0046 1660 HSFHWBS2 - ok
22:46:26.0093 1660 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:46:26.0187 1660 HSF_DP - ok
22:46:26.0234 1660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:46:26.0250 1660 HTTP - ok
22:46:26.0265 1660 i2omgmt - ok
22:46:26.0281 1660 i2omp - ok
22:46:26.0296 1660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:46:26.0312 1660 i8042prt - ok
22:46:26.0375 1660 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:46:26.0421 1660 ialm - ok
22:46:26.0562 1660 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20111228.001\IDSxpx86.sys
22:46:26.0562 1660 IDSxpx86 - ok
22:46:26.0656 1660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:46:26.0671 1660 Imapi - ok
22:46:26.0703 1660 ini910u - ok
22:46:26.0718 1660 IntelIde - ok
22:46:26.0750 1660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:46:26.0765 1660 intelppm - ok
22:46:26.0796 1660 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:46:26.0812 1660 ip6fw - ok
22:46:26.0843 1660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:46:26.0859 1660 IpFilterDriver - ok
22:46:26.0906 1660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:46:26.0906 1660 IpInIp - ok
22:46:26.0937 1660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:46:26.0953 1660 IpNat - ok
22:46:26.0968 1660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:46:27.0015 1660 IPSec - ok
22:46:27.0046 1660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:46:27.0062 1660 IRENUM - ok
22:46:27.0093 1660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:46:27.0171 1660 isapnp - ok
22:46:27.0203 1660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:46:27.0218 1660 Kbdclass - ok
22:46:27.0234 1660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:46:27.0250 1660 kbdhid - ok
22:46:27.0265 1660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:46:27.0281 1660 kmixer - ok
22:46:27.0328 1660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:46:27.0343 1660 KSecDD - ok
22:46:27.0359 1660 lbrtfdc - ok
22:46:27.0437 1660 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:46:27.0468 1660 MBAMProtector - ok
22:46:27.0593 1660 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
22:46:27.0609 1660 MDC8021X - ok
22:46:27.0640 1660 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:46:27.0640 1660 mdmxsdk - ok
22:46:27.0671 1660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:46:27.0687 1660 mnmdd - ok
22:46:27.0703 1660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:46:27.0703 1660 Modem - ok
22:46:27.0734 1660 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:46:27.0750 1660 MODEMCSA - ok
22:46:27.0765 1660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:46:27.0781 1660 Mouclass - ok
22:46:27.0828 1660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:46:27.0843 1660 mouhid - ok
22:46:27.0859 1660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:46:27.0875 1660 MountMgr - ok
22:46:27.0890 1660 mraid35x - ok
22:46:27.0906 1660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:46:27.0906 1660 MRxDAV - ok
22:46:27.0937 1660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:46:27.0953 1660 MRxSmb - ok
22:46:27.0984 1660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:46:28.0000 1660 Msfs - ok
22:46:28.0015 1660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:46:28.0031 1660 MSKSSRV - ok
22:46:28.0046 1660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:46:28.0078 1660 MSPCLOCK - ok
22:46:28.0109 1660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:46:28.0125 1660 MSPQM - ok
22:46:28.0140 1660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:46:28.0140 1660 mssmbios - ok
22:46:28.0187 1660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:46:28.0203 1660 MSTEE - ok
22:46:28.0265 1660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:46:28.0281 1660 Mup - ok
22:46:28.0328 1660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:46:28.0343 1660 NABTSFEC - ok
22:46:28.0515 1660 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120103.007\NAVENG.SYS
22:46:28.0515 1660 NAVENG - ok
22:46:28.0593 1660 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120103.007\NAVEX15.SYS
22:46:28.0609 1660 NAVEX15 - ok
22:46:28.0687 1660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:46:28.0765 1660 NDIS - ok
22:46:28.0796 1660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:46:28.0828 1660 NdisIP - ok
22:46:28.0875 1660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:46:28.0890 1660 NdisTapi - ok
22:46:28.0937 1660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:46:28.0937 1660 Ndisuio - ok
22:46:28.0953 1660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:46:29.0015 1660 NdisWan - ok
22:46:29.0062 1660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:46:29.0078 1660 NDProxy - ok
22:46:29.0093 1660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:46:29.0109 1660 NetBIOS - ok
22:46:29.0187 1660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:46:29.0203 1660 NetBT - ok
22:46:29.0265 1660 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:46:29.0281 1660 nmwcd - ok
22:46:29.0296 1660 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:46:29.0312 1660 nmwcdc - ok
22:46:29.0328 1660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:46:29.0343 1660 Npfs - ok
22:46:29.0406 1660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:46:29.0421 1660 Ntfs - ok
22:46:29.0484 1660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:46:29.0484 1660 Null - ok
22:46:29.0578 1660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:46:29.0593 1660 NwlnkFlt - ok
22:46:29.0625 1660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:46:29.0640 1660 NwlnkFwd - ok
22:46:29.0750 1660 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
22:46:29.0750 1660 OMCI - ok
22:46:29.0812 1660 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
22:46:29.0843 1660 ossrv - ok
22:46:29.0921 1660 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
22:46:29.0953 1660 P17 - ok
22:46:29.0968 1660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:46:30.0000 1660 Parport - ok
22:46:30.0015 1660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:46:30.0031 1660 PartMgr - ok
22:46:30.0062 1660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:46:30.0078 1660 ParVdm - ok
22:46:30.0125 1660 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:46:30.0125 1660 pccsmcfd - ok
22:46:30.0140 1660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:46:30.0156 1660 PCI - ok
22:46:30.0171 1660 PCIDump - ok
22:46:30.0187 1660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:46:30.0203 1660 PCIIde - ok
22:46:30.0234 1660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:46:30.0250 1660 Pcmcia - ok
22:46:30.0250 1660 PDCOMP - ok
22:46:30.0265 1660 PDFRAME - ok
22:46:30.0281 1660 PDRELI - ok
22:46:30.0296 1660 PDRFRAME - ok
22:46:30.0312 1660 perc2 - ok
22:46:30.0328 1660 perc2hib - ok
22:46:30.0375 1660 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
22:46:30.0390 1660 PfModNT - ok
22:46:30.0437 1660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:46:30.0484 1660 PptpMiniport - ok
22:46:30.0531 1660 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:46:30.0546 1660 Processor - ok
22:46:30.0562 1660 PROCEXP151 - ok
22:46:30.0578 1660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:46:30.0593 1660 PSched - ok
22:46:30.0625 1660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:46:30.0640 1660 Ptilink - ok
22:46:30.0687 1660 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:46:30.0718 1660 PxHelp20 - ok
22:46:30.0765 1660 ql1080 - ok
22:46:30.0781 1660 Ql10wnt - ok
22:46:30.0796 1660 ql12160 - ok
22:46:30.0812 1660 ql1240 - ok
22:46:30.0828 1660 ql1280 - ok
22:46:30.0859 1660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:46:30.0875 1660 RasAcd - ok
22:46:30.0890 1660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:46:30.0906 1660 Rasl2tp - ok
22:46:30.0953 1660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:46:30.0984 1660 RasPppoe - ok
22:46:31.0000 1660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:46:31.0031 1660 Raspti - ok
22:46:31.0046 1660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:46:31.0046 1660 Rdbss - ok
22:46:31.0062 1660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:46:31.0078 1660 RDPCDD - ok
22:46:31.0125 1660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:46:31.0140 1660 RDPWD - ok
22:46:31.0187 1660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:46:31.0250 1660 redbook - ok
22:46:31.0359 1660 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:46:31.0390 1660 SASDIFSV - ok
22:46:31.0390 1660 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:46:31.0406 1660 SASKUTIL - ok
22:46:31.0453 1660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:46:31.0468 1660 Secdrv - ok
22:46:31.0500 1660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:46:31.0531 1660 serenum - ok
22:46:31.0562 1660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:46:31.0578 1660 Serial - ok
22:46:31.0609 1660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:46:31.0625 1660 Sfloppy - ok
22:46:31.0640 1660 Simbad - ok
22:46:31.0671 1660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:46:31.0687 1660 SLIP - ok
22:46:31.0765 1660 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
22:46:31.0796 1660 smwdm - ok
22:46:31.0796 1660 Sparrow - ok
22:46:31.0843 1660 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
22:46:31.0859 1660 speedfan - ok
22:46:31.0906 1660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:46:31.0937 1660 splitter - ok
22:46:32.0000 1660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:46:32.0015 1660 sr - ok
22:46:32.0125 1660 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NAV\1109000.00C\SRTSP.SYS
22:46:32.0140 1660 SRTSP - ok
22:46:32.0156 1660 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NAV\1109000.00C\SRTSPX.SYS
22:46:32.0187 1660 SRTSPX - ok
22:46:32.0250 1660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:46:32.0281 1660 Srv - ok
22:46:32.0328 1660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:46:32.0328 1660 streamip - ok
22:46:32.0375 1660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:46:32.0390 1660 swenum - ok
22:46:32.0421 1660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:46:32.0437 1660 swmidi - ok
22:46:32.0468 1660 symc810 - ok
22:46:32.0484 1660 symc8xx - ok
22:46:32.0515 1660 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NAV\1109000.00C\SYMDS.SYS
22:46:32.0562 1660 SymDS - ok
22:46:32.0593 1660 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\WINDOWS\system32\drivers\NAV\1109000.00C\SYMEFA.SYS
22:46:32.0625 1660 SymEFA - ok
22:46:32.0656 1660 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:46:32.0687 1660 SymEvent - ok
22:46:32.0718 1660 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NAV\1109000.00C\Ironx86.SYS
22:46:32.0750 1660 SymIRON - ok
22:46:32.0781 1660 SYMTDI (be6de8fbf2df9f13a90b8b6e943871b7) C:\WINDOWS\System32\Drivers\NAV\1109000.00C\SYMTDI.SYS
22:46:32.0812 1660 SYMTDI - ok
22:46:32.0828 1660 sym_hi - ok
22:46:32.0843 1660 sym_u3 - ok
22:46:32.0875 1660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:46:32.0875 1660 sysaudio - ok
22:46:32.0953 1660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:46:32.0984 1660 Tcpip - ok
22:46:33.0031 1660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:46:33.0046 1660 TDPIPE - ok
22:46:33.0062 1660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:46:33.0093 1660 TDTCP - ok
22:46:33.0125 1660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:46:33.0125 1660 TermDD - ok
22:46:33.0171 1660 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
22:46:33.0187 1660 TIEHDUSB - ok
22:46:33.0265 1660 TosIde - ok
22:46:33.0421 1660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:46:33.0437 1660 Udfs - ok
22:46:33.0453 1660 ultra - ok
22:46:33.0515 1660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:46:33.0531 1660 Update - ok
22:46:33.0578 1660 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:46:33.0593 1660 upperdev - ok
22:46:33.0640 1660 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:46:33.0656 1660 USBAAPL - ok
22:46:33.0687 1660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:46:33.0718 1660 usbccgp - ok
22:46:33.0734 1660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:46:33.0750 1660 usbehci - ok
22:46:33.0765 1660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:46:33.0828 1660 usbhub - ok
22:46:33.0843 1660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:46:33.0875 1660 usbprint - ok
22:46:33.0890 1660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:46:33.0890 1660 usbscan - ok
22:46:33.0921 1660 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:46:33.0953 1660 usbser - ok
22:46:33.0968 1660 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:46:34.0000 1660 UsbserFilt - ok
22:46:34.0046 1660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:46:34.0046 1660 USBSTOR - ok
22:46:34.0078 1660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:46:34.0093 1660 usbuhci - ok
22:46:34.0109 1660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:46:34.0125 1660 VgaSave - ok
22:46:34.0125 1660 ViaIde - ok
22:46:34.0156 1660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:46:34.0187 1660 VolSnap - ok
22:46:34.0234 1660 vvftav211 (af0850cfd99e9e5e142537cd601bcb72) C:\WINDOWS\system32\drivers\vvftav211.sys
22:46:34.0281 1660 vvftav211 - ok
22:46:34.0328 1660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:46:34.0359 1660 Wanarp - ok
22:46:34.0406 1660 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:46:34.0437 1660 Wdf01000 - ok
22:46:34.0453 1660 WDICA - ok
22:46:34.0484 1660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:46:34.0515 1660 wdmaud - ok
22:46:34.0578 1660 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:46:34.0625 1660 winachsf - ok
22:46:34.0718 1660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:46:34.0750 1660 WSTCODEC - ok
22:46:34.0781 1660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:46:34.0796 1660 WudfPf - ok
22:46:34.0812 1660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:46:34.0843 1660 WudfRd - ok
22:46:34.0859 1660 XDva342 - ok
22:46:34.0937 1660 ZSMC30x (17ee5fa37c15edae826a7cfae227bc0b) C:\WINDOWS\system32\Drivers\ZS211.sys
22:46:35.0000 1660 ZSMC30x - ok
22:46:35.0015 1660 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
22:46:35.0046 1660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:46:35.0046 1660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:46:35.0062 1660 Boot (0x1200) (38095d9c577d64c4500bc3ed469aeed2) \Device\Harddisk0\DR0\Partition0
22:46:35.0062 1660 \Device\Harddisk0\DR0\Partition0 - ok
22:46:35.0062 1660 ============================================================
22:46:35.0062 1660 Scan finished
22:46:35.0062 1660 ============================================================
22:46:35.0078 3824 Detected object count: 1
22:46:35.0078 3824 Actual detected object count: 1
22:47:01.0656 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:47:01.0656 3824 \Device\Harddisk0\DR0 - ok
22:47:01.0671 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
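
The two logs above report the same condition from different angles. aswMBR reads the boot sector twice: once through the normal Windows API, where it sees "Windows XP default MBR code found via API", and once from below the storage stack, where it finds TDL4 code, hence "MBR hidden"; its driver trace shows why, with atapi's IRP_MJ_CREATE dispatch pointing at an address (0x8a47549f) that belongs to no loaded module. TDSSKiller takes a hash of the first 0x1B8 bytes of the sector (the boot code before the disk signature and partition table) and matches it as Rootkit.Boot.Pihar.b. The Python below is an added example, not code from this thread nor from aswMBR or TDSSKiller: it parses a 512-byte MBR, hashes the same 0x1B8-byte span, and flags the hidden-MBR condition when the API view and the raw view agree on the partition table but not on the boot code. The two images are constructed; the "stock" boot-code bytes are a stand-in and not the real Windows XP MBR code, and the raw read, which on a live system has to bypass the hooked driver, is not reproduced here.

```python
# Added example (not from the thread, aswMBR or TDSSKiller): parse a 512-byte
# MBR and compare the copy the OS hands out with a raw copy of the sector.
# All images are constructed; the "stock" boot code is a stand-in, not the
# real Windows XP MBR bytes.
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 0x1B8     # TDSSKiller's "MBR (0x1B8)" hash covers these bytes
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


@dataclass
class Mbr:
    boot_code: bytes
    disk_signature: int
    partitions: List[Partition]


def parse_mbr(img: bytes) -> Mbr:
    """Split one sector into boot code, disk signature and partition table."""
    if len(img) != SECTOR or img[510:512] != BOOT_SIG:
        raise ValueError("not a 512-byte sector ending in 55AA")
    (disk_sig,) = struct.unpack_from("<I", img, DISK_SIG_OFF)
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", img, PART_TABLE_OFF + 16 * i)
        if ptype:                          # type 0 marks an empty slot
            parts.append(Partition(status == 0x80, ptype, start, count))
    return Mbr(img[:BOOT_CODE_LEN], disk_sig, parts)


def boot_code_md5(img: bytes) -> str:
    """Hash of the first 0x1B8 bytes, the same span TDSSKiller reports."""
    return hashlib.md5(img[:BOOT_CODE_LEN]).hexdigest()


def assess(api_view: bytes, raw_view: bytes) -> List[str]:
    """A bootkit that hooks the disk driver serves the original boot code to
    readers while its own code stays on disk: identical partition tables with
    differing boot code is the "MBR hidden" condition. Empty list = consistent."""
    a, r = parse_mbr(api_view), parse_mbr(raw_view)
    findings = []
    if (a.partitions, a.disk_signature) != (r.partitions, r.disk_signature):
        findings.append("partition table or disk signature differs between reads")
    if a.boot_code != r.boot_code:
        findings.append("MBR hidden: boot code via API %s, raw sector %s"
                        % (boot_code_md5(api_view), boot_code_md5(raw_view)))
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, parts: List[Partition]) -> bytes:
    """Assemble a constructed image; a real tool reads this sector from disk."""
    img = bytearray(SECTOR)
    img[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", img, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(parts):
        struct.pack_into("<B3sB3sII", img, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0, b"\x01\x01\x00",
                         p.type_id, b"\xFE\xFF\xFF", p.start_lba, p.sectors)
    img[510:512] = BOOT_SIG
    return bytes(img)


# Layout matching the logs: one active NTFS (0x07) partition at LBA 63, 305234 MB.
NTFS_PART = Partition(bootable=True, type_id=0x07, start_lba=63, sectors=305234 * 2048)
DISK_SIG = 0x1B1A2F3C                                   # arbitrary constructed value
STOCK_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b" stock-code-stand-in"
BOOTKIT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b" bootkit-stand-in"

API_VIEW = build_mbr(STOCK_CODE, DISK_SIG, [NTFS_PART])    # what a hooked read returns
RAW_VIEW = build_mbr(BOOTKIT_CODE, DISK_SIG, [NTFS_PART])  # what is actually on disk

if __name__ == "__main__":
    p = parse_mbr(RAW_VIEW).partitions[0]
    print("Partition 1 %02X %02X %d MB offset %d" % (0x80 if p.bootable else 0,
                                                   p.type_id, p.size_mb, p.start_lba))
    print("\n".join(assess(API_VIEW, RAW_VIEW)) or "MBR consistent")
    print("after cure:", assess(API_VIEW, API_VIEW) or "MBR consistent")
```

The partition line it prints matches the layout both tools show ("80 ... 07 ... 305234 MB offset 63"), and the check that matters is the boot-code comparison: a bootkit that only filters reads leaves the partition table intact, so a differing 0x1B8-byte hash with an unchanged table is exactly the TDL4 pattern, while after the cure both views agree and the list comes back empty. MBR.dat saved by aswMBR can be fed to parse_mbr as the raw view once the machine is clean, which is why the thread says not to delete it.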

#9 Broni

Posted 03 January 2012 - 11:56 PM

How is computer doing?

Post new aswMBR log.

#10 mgm3494

Posted 04 January 2012 - 09:37 AM

My computer seems to be running well. I'll monitor it for the next few days just to make sure, but thank you so much for your help!

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-03 22:59:08
-----------------------------
22:59:08.890 OS Version: Windows 5.1.2600 Service Pack 3
22:59:08.890 Number of processors: 2 586 0x304
22:59:08.890 ComputerName: RON-1M06XRCF2RB UserName: Owner
22:59:09.812 Initialize success
22:59:21.515 AVAST engine defs: 12010301
22:59:24.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
22:59:24.453 Disk 0 Vendor: WDC_WD3200JD-00KLB0 08.05J08 Size: 305245MB BusType: 3
22:59:24.468 Disk 0 MBR read successfully
22:59:24.468 Disk 0 MBR scan
22:59:24.515 Disk 0 Windows XP default MBR code
22:59:24.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
22:59:24.531 Disk 0 scanning sectors +625121280
22:59:24.593 Disk 0 scanning C:\WINDOWS\system32\drivers
22:59:45.312 Service scanning
22:59:47.234 Modules scanning
22:59:54.562 Disk 0 trace - called modules:
22:59:54.593 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:59:54.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c1ab8]
22:59:54.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a6c3d98]
22:59:55.531 AVAST engine scan C:\WINDOWS
23:00:13.125 AVAST engine scan C:\WINDOWS\system32
23:03:30.546 AVAST engine scan C:\WINDOWS\system32\drivers
23:03:55.640 AVAST engine scan C:\Documents and Settings\Owner
23:51:18.421 File: C:\Documents and Settings\Owner\Desktop\Ron\Local Settings\Temp\twcUpdatePromo.exe **INFECTED** Win32:Malware-gen
00:07:39.703 File: C:\Documents and Settings\Owner\Local Settings\Temp\A566.tmp **INFECTED** Win32:Malware-gen
00:23:43.359 AVAST engine scan C:\Documents and Settings\All Users
00:51:21.890 Scan finished successfully
08:35:04.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
08:35:04.281 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR2.txt"

#11 Broni

Posted 04 January 2012 - 11:37 AM

Good news :)

Run a couple more steps for me...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it'll NOT produce any log.


#12 mgm3494

Posted 04 January 2012 - 07:30 PM

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sfm6nvbz.default\extensions\{285bf5cb-1593-498a-ab8f-d934808ae4e9}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sfm6nvbz.default\extensions\{285bf5cb-1593-498a-ab8f-d934808ae4e9}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Desktop\Ron\Application Data\Sun\Java\Deployment\cache\6.0\52\3e8a55f4-112b6358 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\beocakjogccniifbclppajnojoakdifk\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

Edited by mgm3494, 04 January 2012 - 07:33 PM.
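As an added example (not part of this thread and not code from ESET or aswMBR), a small Python triage helper that parses the ESET result lines above together with the `**INFECTED**` lines from the aswMBR log earlier in the thread into uniform records and groups them by where the file lived, so a responder can see at a glance that the Tracur hits sat in browser extension folders and the Java cache. The sample lines are copied from this thread; the regular expressions, the `classify_location` labels and the `summarize` helper are my own assumptions about the two log formats.

```python
import re
from collections import Counter

# Sample input (constructed from the ESET and aswMBR result lines quoted in this thread).
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sfm6nvbz.default\extensions\{285bf5cb-1593-498a-ab8f-d934808ae4e9}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sfm6nvbz.default\extensions\{285bf5cb-1593-498a-ab8f-d934808ae4e9}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Desktop\Ron\Application Data\Sun\Java\Deployment\cache\6.0\52\3e8a55f4-112b6358 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\beocakjogccniifbclppajnojoakdifk\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
23:51:18.421 File: C:\Documents and Settings\Owner\Desktop\Ron\Local Settings\Temp\twcUpdatePromo.exe **INFECTED** Win32:Malware-gen
00:07:39.703 File: C:\Documents and Settings\Owner\Local Settings\Temp\A566.tmp **INFECTED** Win32:Malware-gen
"""

# Assumed line shapes: aswMBR "<time> File: <path> **INFECTED** <name>"; ESET "<path> <family/name> <kind> <action>".
ASWMBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<threat>\S+)$")
ESET_RE = re.compile(r"^(?P<path>.+?) (?P<threat>[A-Za-z0-9]+/[A-Za-z0-9._-]+) (?P<kind>\w+) (?P<action>.+)$")

# Where the file lived tells the responder what else to check (browser profiles, Java cache, temp dirs).
LOCATION_RULES = [
    ("firefox-extension", r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\extensions\\"),
    ("chrome-extension", r"\\Google\\Chrome\\User Data\\"),
    ("java-cache", r"\\Sun\\Java\\Deployment\\cache\\"),
    ("temp", r"\\Local Settings\\Temp\\"),
]

def classify_location(path):
    for label, pattern in LOCATION_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "other"

def parse_scan_logs(text):
    """Turn mixed aswMBR/ESET result lines into uniform finding records; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = ASWMBR_RE.match(line) or ESET_RE.match(line)
        if not m:
            continue  # headers, timing lines, blanks
        groups = m.groupdict()
        findings.append({"source": "ESET" if "action" in groups else "aswMBR",
                         "path": groups["path"], "threat": groups["threat"],
                         "action": groups.get("action", "detected"),
                         "location": classify_location(groups["path"])})
    return findings

def summarize(findings):
    """Counts by artefact location and by detection name, for a quick triage view."""
    return {"by_location": Counter(f["location"] for f in findings),
            "by_threat": Counter(f["threat"] for f in findings)}
```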


#13 Broni

Posted 04 January 2012 - 08:20 PM

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===========================================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.


#14 mgm3494

Posted 04 January 2012 - 08:58 PM

Thank you for being so helpful!

#15 Broni

Posted 04 January 2012 - 10:00 PM

You're very welcome
