
SVChost.exe 400k 100% windows XP sp3


12 replies to this topic

#1 hitman619


Posted 09 January 2012 - 03:59 PM

Running Windows XP SP3, IE8 and Firefox.
Here are the symptoms:
SVChost.exe is running at 400k

I tried system restore the other day and that gave me an error.

My automatic Windows update also quit working.
I keep getting an error "we're sorry the Security Center could not change your settings. Try changing
it yourself in control Panel"
When I try the Control Panel I get the same thing.

I started getting this error message the other day when I turn on the computer:
"operating system or hard disk partitions have been altered and do match current hard drive"

Tried MBAM and it came back with nothing???

Thank you in advance for your time! :)



#2 boopme


Posted 09 January 2012 - 04:57 PM

Hello and welcome. Let's do these now.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 hitman619


Posted 09 January 2012 - 07:02 PM

performing those now!

#4 hitman619


Posted 09 January 2012 - 07:22 PM

MiniToolBox by Farbar
Ran by Kim (administrator) on 09-01-2012 at 16:04:18
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "127.0.0.1,*.local"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

There are 14942 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection 2 (Connected)
VIA PCI 10/100Mb Fast Ethernet Adapter = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : HotMomma

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : sd.cox.net



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : sd.cox.net

Description . . . . . . . . . . . : VIA PCI 10/100Mb Fast Ethernet Adapter #2

Physical Address. . . . . . . . . : 00-14-2A-48-23-8E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.104

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.105.28.11

68.105.29.11

68.105.28.12

Lease Obtained. . . . . . . . . . : Monday, January 09, 2012 3:13:46 PM

Lease Expires . . . . . . . . . . : Tuesday, January 10, 2012 3:13:46 PM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.227.114, 74.125.227.115, 74.125.227.116, 74.125.227.112
74.125.227.113



Pinging google.com [74.125.227.146] with 32 bytes of data:



Reply from 74.125.227.146: bytes=32 time=58ms TTL=53

Reply from 74.125.227.146: bytes=32 time=58ms TTL=53



Ping statistics for 74.125.227.146:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 58ms, Average = 58ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=26ms TTL=54

Reply from 98.137.149.56: bytes=32 time=21ms TTL=54



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 26ms, Average = 23ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 2a 48 23 8e ...... VIA PCI 10/100Mb Fast Ethernet Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.104 192.168.1.104 20
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 20
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 20
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 20
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2012 11:54:54 AM) (Source: PerfNet) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (01/08/2012 11:54:54 AM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (01/07/2012 09:54:23 AM) (Source: Microsoft Security Client) (User: )
Description: Microsoft Security ClientFEP clean-up policy0x80040154

Error: (01/06/2012 05:37:27 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/06/2012 05:37:05 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/06/2012 05:36:36 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/06/2012 05:36:34 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/06/2012 05:36:32 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (01/06/2012 05:36:19 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/06/2012 05:22:09 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


System errors:
=============
Error: (01/09/2012 03:14:03 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/09/2012 03:14:03 PM) (Source: Service Control Manager) (User: )
Description: The Take-it DV Series service failed to start due to the following error:
%%1058

Error: (01/09/2012 02:10:00 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/09/2012 02:10:00 PM) (Source: Service Control Manager) (User: )
Description: The Take-it DV Series service failed to start due to the following error:
%%1058

Error: (01/09/2012 00:12:49 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/09/2012 10:04:25 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/09/2012 10:04:25 AM) (Source: Service Control Manager) (User: )
Description: The Take-it DV Series service failed to start due to the following error:
%%1058

Error: (01/09/2012 09:43:56 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/09/2012 09:43:56 AM) (Source: Service Control Manager) (User: )
Description: The Take-it DV Series service failed to start due to the following error:
%%1058

Error: (01/09/2012 09:41:44 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/22/2008 06:50:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
32bit Fax
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Amazon MP3 Downloader 1.0.10
AnyTime Deluxe 8.0 SE (Version: 8.0 SE)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AQUAZONE DESKTOP GARDEN
AudibleManager (Version: 2089884134.2089884196.2090320000.2089884154)
Beatnik Player
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.37)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite (Version: 1.00)
Brother MFL-Pro Suite (Version: 1.00.000)
Browser Mouse
Capsule (Version: 1.0.000)
CDDRV_Installer (Version: 4.60)
Concord Telephony Translation
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Creative Centrale
Creative Centrale (Version: 1.02.04)
Creative Removable Disk Manager
Creative Software Update (Version: 1.00.14)
Creative ZEN Mozaic User's Guide
CTIAPI32 (remove only)
CtiLogC (remove only)
CueClub
Digital Lifeline (Version: 4.03.01.1)
Discover PC and Windows Basics
DM ²
DriverAgent by eSupport.com
Easy Language 61 (Version: 1.00.0000)
Encyclopaedia Britannica 2005 Ready Reference CD (Version: 2005.0.0.0)
EZ Plug-N-Go (Version: 2.1)
EZPhoto Browser (Version: 2.1)
EZPhoto Panorama (Version: 2.1)
EZPhoto Tools (Version: 2.1)
EZShowtime MMS (Version: 1.1)
EZSuite For BestOn (Version: 1.0)
EZVideo Mail (Version: 2.1)
FastTouch Typing Teacher
Garmin USB Drivers (Version: 1.0.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Talk Plugin (Version: 2.5.8.4958)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
HTC Driver Installer (Version: 2.0.7.015)
HTC Sync (Version: 2.0.25)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImgBurn (Version: 2.5.6.0)
InterVideo WinDVD (Version: 5.0-B11.141)
InterVideo WinDVR 3
IrfanView (remove only)
iTunes (Version: 10.3.1.55)
Java 2 Runtime Environment Standard Edition v1.3.1_06
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 26 (Version: 6.0.260)
JS World 2nd Grade
JSWPFCom (Version: 1.04.1000)
JSWPFGrade2 (Version: 1.07.0000)
KhalInstallWrapper (Version: 4.60.122)
Kool Kart Racers
Last.fm 1.5.4.24567
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech Registration (Version: 0.70.206)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee® Desktop Security
MegaStat Excel 2007
Merriam-Webster 3.0
Metamail
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Web Publishing Wizard 1.52
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSN Toolbar (Version: 3.0.1203.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NOOK Study (Version: 2.0.2.18590)
On-line Help Console (Version: 1.00.000)
PaperPort Image Printer (Version: 1.00.0000)
Peachtree First Accounting 2005 (Version: 12.00.01)
PeerGuardian 2.0 (Version: 2.0.6.4)
PERRLA
Personal RecordKeeper
Phoenix Core Managed Environment (cME) (Version: 1.0.2.7)
Phoenix FirstWare Recover Pro 2004
PhotoShow Deluxe 3 (Version: 3.0)
Photovista Panorama SE 3.02 (Version: 3.0.2.1672)
PlayTV MPEG2
PowerISO (Version: 4.6)
Professional Resumes Quick & Easy
Quicken 2005 (Version: 14.00.0000)
Quicken Legal Business Pro 2005
Quicken WillMaker Plus 2005
QuickTime (Version: 7.69.80.9)
Radio@Netscape Plus
RealPlayer Basic
Realtek AC'97 Audio
Rhapsody Player Engine (Version: 1.0.604)
RingCentral Fax
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Sapi (Version: 1.0.0.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
SendPhotos Gold (Version: 3.0.2.1)
Smart Attorney 8.0
Smart Business & Marketing Plan 8.0
Smart Contact Manager Pro
Smart Link 56K Voice Modem
Spongebob Pizza toss
Spybot - Search & Destroy (Version: 1.6.2)
Stamps.com
StuffIt Standard
SUPERAntiSpyware (Version: 5.0.1142)
Take-it MV320
The Print Shop 20 (Version: 20.00.0000)
TurboProject v.4 (Version: 4.0.0.0000)
Ulead Photo Explorer 8.0 SE Basic (Version: 8.0)
Ulead PhotoImpact 10 SE (Version: 10.0)
Ulead VideoStudio 7 SE Basic (Version: 7.0)
UniChrome IGP Driver and Utilities
Unity Web Player (Version: 2.1.0f5_16147)
Veetle TV 0.9.18 (Version: 0.9.18)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Visual FoxPro ODBC Driver (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
Vorton Financial Power Tools
WD Anywhere Backup (Version: 3.50.3846)
WebFldrs XP (Version: 9.50.5318)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows 7 USB/DVD Download Tool (Version: 1.0.24.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Woman's Day
WordPerfect Office 11 (Version: 11.2)
WriteExpress 3,001 Business & Sales Letters (Version: 6.0)

========================= Devices: ================================

Name: Smart Link 56K Voice Modem
Description: Smart Link 56K Voice Modem
Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Smart Link (www.smlink.com)
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 959.29 MB
Available physical RAM: 249.46 MB
Total Pagefile: 1545.51 MB
Available Pagefile: 777.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:203.27 GB) (Free:81.52 GB) FAT32

========================= Users: ========================================

User accounts for \\HOTMOMMA

Administrator Arthur ASPNET
Cory Guest HelpAssistant
Kim Mikayla SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini092404-01.dmp
C:\WINDOWS\Minidump\Mini062105-01.dmp
C:\WINDOWS\Minidump\Mini062105-02.dmp
C:\WINDOWS\Minidump\Mini062105-03.dmp
C:\WINDOWS\Minidump\Mini062105-04.dmp
C:\WINDOWS\Minidump\Mini062105-05.dmp
C:\WINDOWS\Minidump\Mini010610-01.dmp
C:\WINDOWS\Minidump\Mini121810-01.dmp
C:\WINDOWS\Minidump\Mini121910-01.dmp
C:\WINDOWS\Minidump\Mini121910-02.dmp

**** End of log ****
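
A triage pass over a Result.txt in the layout posted above, as an added example that is not part of the original thread and is not MiniToolBox's own code. The function names, the section-header pattern (inferred from the log above) and the embedded sample are assumptions; the sample is constructed, and its 203.0.113.10 hosts line is invented for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed excerpt in the Result.txt layout shown in the post above.
# The hosts names and the 203.0.113.10 line are invented (documentation range).
SAMPLE = r"""========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost
127.0.0.1 blocked.example
203.0.113.10 update.example

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Error: (01/06/2012 05:37:27 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow

Error: (01/09/2012 03:14:03 PM) (Source: Service Control Manager) (User: )
Description: The Take-it DV Series service failed to start due to the following error:
%%1058
===========================================================================
"""

# "===== Name: =====" or "===== Name ====="; a line made only of "=" is not a header.
HEADER = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK = re.compile(r"^(Catalog\d+) (\d+) (.+) \[(\d+)\] \((.+)\)$")
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
}


def split_sections(text):
    """Map each section title to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def hosts_redirects(lines):
    """Return (name, address) pairs that resolve a name to a non-loopback address.

    Entries pointing at 127.0.0.1, ::1 or 0.0.0.0 only block the name;
    anything else sends traffic somewhere and deserves a manual look.
    """
    flagged = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry (e.g. the "There are N more lines" note)
        if not (addr.is_loopback or addr.is_unspecified):
            flagged.extend((name, str(addr)) for name in fields[1:])
    return flagged


def third_party_winsock(lines):
    """Return Winsock catalog entries whose vendor label is not Microsoft.

    The vendor label is taken from the log as-is; it is not a signature check.
    """
    out = []
    for line in lines:
        m = WINSOCK.match(line)
        if m and m.group(5) != "Microsoft Corporation":
            out.append((m.group(1), m.group(3), m.group(5)))
    return out


def win32_codes(lines):
    """Count Win32 error codes found as %%N or wrapped in a 0x8007xxxx HRESULT."""
    counts = Counter()
    for line in lines:
        for hr in re.findall(r"0x(8[0-9A-Fa-f]{7})", line):
            value = int(hr, 16)
            if (value >> 16) & 0x1FFF == 7:  # FACILITY_WIN32: low 16 bits are the code
                counts[value & 0xFFFF] += 1
        for code in re.findall(r"%%(\d+)", line):
            counts[int(code)] += 1
    return {WIN32_NAMES.get(code, str(code)): n for code, n in counts.items()}


def triage(text):
    s = split_sections(text)
    return {
        "hosts_redirects": hosts_redirects(s.get("Hosts content", [])),
        "third_party_winsock": third_party_winsock(s.get("Winsock entries", [])),
        "win32_codes": win32_codes(s.get("Event log errors", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
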

#5 hitman619


Posted 09 January 2012 - 07:44 PM

Here's the 2nd thing you asked me to do!

16:30:20.0390 2312 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:30:21.0062 2312 ============================================================
16:30:21.0062 2312 Current date / time: 2012/01/09 16:30:21.0062
16:30:21.0062 2312 SystemInfo:
16:30:21.0062 2312
16:30:21.0062 2312 OS Version: 5.1.2600 ServicePack: 3.0
16:30:21.0062 2312 Product type: Workstation
16:30:21.0062 2312 ComputerName: HOTMOMMA
16:30:21.0062 2312 UserName: Kim
16:30:21.0062 2312 Windows directory: C:\WINDOWS
16:30:21.0062 2312 System windows directory: C:\WINDOWS
16:30:21.0062 2312 Processor architecture: Intel x86
16:30:21.0062 2312 Number of processors: 2
16:30:21.0062 2312 Page size: 0x1000
16:30:21.0062 2312 Boot type: Normal boot
16:30:21.0062 2312 ============================================================
16:30:21.0515 2312 Initialize success
16:30:25.0593 3824 ============================================================
16:30:25.0593 3824 Scan started
16:30:25.0593 3824 Mode: Manual;
16:30:25.0593 3824 ============================================================
16:30:34.0046 3824 Ftdisk - ok
16:30:34.0109 3824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:30:34.0109 3824 GEARAspiWDM - ok
16:30:34.0250 3824 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:30:34.0250 3824 Gpc - ok
16:30:34.0312 3824 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
16:30:34.0328 3824 grmnusb - ok
16:30:34.0421 3824 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:30:34.0421 3824 hidusb - ok
16:30:34.0578 3824 hpn - ok
16:30:34.0734 3824 hpt3xx - ok
16:30:34.0890 3824 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:30:34.0906 3824 HTTP - ok
16:30:35.0062 3824 i2omgmt - ok
16:30:35.0218 3824 i2omp - ok
16:30:35.0359 3824 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:30:35.0359 3824 i8042prt - ok
16:30:35.0500 3824 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:30:35.0500 3824 Imapi - ok
16:30:35.0656 3824 ini910u - ok
16:30:35.0812 3824 IntelIde - ok
16:30:35.0968 3824 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:30:35.0968 3824 intelppm - ok
16:30:36.0109 3824 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:30:36.0109 3824 ip6fw - ok
16:30:36.0171 3824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:30:36.0171 3824 IpFilterDriver - ok
16:30:36.0250 3824 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:30:36.0250 3824 IpInIp - ok
16:30:36.0406 3824 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:30:36.0406 3824 IpNat - ok
16:30:36.0531 3824 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:30:36.0531 3824 IPSec - ok
16:30:36.0578 3824 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:30:36.0578 3824 IRENUM - ok
16:30:36.0656 3824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:30:36.0656 3824 isapnp - ok
16:30:36.0734 3824 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:30:36.0734 3824 Kbdclass - ok
16:30:36.0796 3824 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:30:36.0796 3824 kbdhid - ok
16:30:36.0921 3824 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:30:36.0921 3824 kmixer - ok
16:30:37.0078 3824 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:30:37.0078 3824 KSecDD - ok
16:30:37.0171 3824 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
16:30:37.0171 3824 L8042mou - ok
16:30:37.0328 3824 lbrtfdc - ok
16:30:37.0421 3824 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
16:30:37.0421 3824 LHidFilt - ok
16:30:37.0500 3824 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
16:30:37.0500 3824 LMouFilt - ok
16:30:37.0593 3824 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
16:30:37.0609 3824 LMouKE - ok
16:30:38.0546 3824 Machnm32 (fd65bef5ff8275711d9a56f0b8bb43f1) C:\WINDOWS\System32\Machnm32.sys
16:30:38.0546 3824 Machnm32 - ok
16:30:38.0640 3824 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
16:30:38.0640 3824 MBAMProtector - ok
16:30:38.0812 3824 MCSTRM - ok
16:30:38.0875 3824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:30:38.0875 3824 mnmdd - ok
16:30:38.0953 3824 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:30:38.0953 3824 Modem - ok
16:30:39.0015 3824 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:30:39.0015 3824 MODEMCSA - ok
16:30:39.0140 3824 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:30:39.0140 3824 Mouclass - ok
16:30:39.0250 3824 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:30:39.0250 3824 mouhid - ok
16:30:39.0375 3824 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:30:39.0375 3824 MountMgr - ok
16:30:39.0484 3824 MpKsl15789cc5 - ok
16:30:39.0515 3824 MpKsl1f33507b - ok
16:30:39.0531 3824 MpKsl726aade7 - ok
16:30:39.0562 3824 MpKsl8579b32b - ok
16:30:39.0578 3824 MpKsl926e63f6 - ok
16:30:39.0609 3824 MpKsl937c4680 - ok
16:30:39.0640 3824 MpKsl943229af - ok
16:30:39.0656 3824 MpKsla0a636f5 - ok
16:30:39.0687 3824 MpKsla251bcee - ok
16:30:39.0703 3824 MpKsla8e57c3b - ok
16:30:39.0734 3824 MpKslaa8a13d6 - ok
16:30:39.0750 3824 MpKslfa43b683 - ok
16:30:39.0921 3824 mraid35x - ok
16:30:40.0000 3824 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:30:40.0015 3824 MRxDAV - ok
16:30:40.0093 3824 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:30:40.0140 3824 MRxSmb - ok
16:30:40.0296 3824 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:30:40.0296 3824 Msfs - ok
16:30:40.0421 3824 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:30:40.0421 3824 MSKSSRV - ok
16:30:40.0531 3824 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:30:40.0531 3824 MSPCLOCK - ok
16:30:40.0640 3824 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:30:40.0640 3824 MSPQM - ok
16:30:40.0781 3824 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:30:40.0781 3824 mssmbios - ok
16:30:40.0906 3824 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:30:40.0906 3824 MSTEE - ok
16:30:41.0031 3824 Mtlmnt5 (1216d4313e1860da4bc449ae3ca2dec5) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
16:30:41.0031 3824 Mtlmnt5 - ok
16:30:41.0187 3824 Mtlstrm (8fdee3babbe294391fbe91dc1d03a744) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
16:30:41.0218 3824 Mtlstrm - ok
16:30:41.0343 3824 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:30:41.0343 3824 Mup - ok
16:30:41.0468 3824 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:30:41.0468 3824 NABTSFEC - ok
16:30:41.0593 3824 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:30:41.0593 3824 NDIS - ok
16:30:41.0625 3824 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:30:41.0625 3824 NdisIP - ok
16:30:41.0734 3824 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:30:41.0734 3824 NdisTapi - ok
16:30:41.0843 3824 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:30:41.0843 3824 Ndisuio - ok
16:30:41.0875 3824 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:30:41.0875 3824 NdisWan - ok
16:30:41.0984 3824 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:30:41.0984 3824 NDProxy - ok
16:30:42.0109 3824 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:30:42.0109 3824 NetBIOS - ok
16:30:42.0218 3824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:30:42.0234 3824 NetBT - ok
16:30:42.0421 3824 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:30:42.0421 3824 NIC1394 - ok
16:30:42.0484 3824 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:30:42.0484 3824 Npfs - ok
16:30:42.0609 3824 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:30:42.0625 3824 Ntfs - ok
16:30:42.0734 3824 NtMtlFax (1b073810ee2270cac9e532d1bcd826cf) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
16:30:42.0734 3824 NtMtlFax - ok
16:30:42.0781 3824 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:30:42.0781 3824 Null - ok
16:30:42.0843 3824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:30:42.0859 3824 NwlnkFlt - ok
16:30:42.0890 3824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:30:42.0890 3824 NwlnkFwd - ok
16:30:43.0000 3824 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:30:43.0000 3824 ohci1394 - ok
16:30:43.0046 3824 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:30:43.0046 3824 Parport - ok
16:30:43.0156 3824 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:30:43.0156 3824 PartMgr - ok
16:30:43.0203 3824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:30:43.0218 3824 ParVdm - ok
16:30:43.0375 3824 pbbbqeeu - ok
16:30:43.0500 3824 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:30:43.0500 3824 PCI - ok
16:30:43.0656 3824 PCIDump - ok
16:30:43.0796 3824 PCIIde - ok
16:30:43.0921 3824 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:30:43.0921 3824 Pcmcia - ok
16:30:44.0078 3824 pcrmqrl - ok
16:30:44.0234 3824 PDCOMP - ok
16:30:44.0390 3824 PDFRAME - ok
16:30:44.0546 3824 PDRELI - ok
16:30:44.0687 3824 PDRFRAME - ok
16:30:44.0843 3824 perc2 - ok
16:30:45.0000 3824 perc2hib - ok
16:30:45.0125 3824 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
16:30:45.0125 3824 pfc - ok
16:30:45.0281 3824 pgfilter (79bad6756154335d5304f0fe39961f5b) C:\Program Files\PeerGuardian2\pgfilter.sys
16:30:45.0281 3824 pgfilter - ok
16:30:45.0406 3824 PhnxVcd (ed365dde1878c0804ec3b5263954a081) C:\WINDOWS\system32\Drivers\PhnxVcd.sys
16:30:45.0406 3824 PhnxVcd - ok
16:30:45.0484 3824 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:30:45.0484 3824 PptpMiniport - ok
16:30:45.0578 3824 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:30:45.0578 3824 Processor - ok
16:30:45.0734 3824 PROCEXP151 - ok
16:30:45.0843 3824 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:30:45.0843 3824 PSched - ok
16:30:45.0890 3824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:30:45.0890 3824 Ptilink - ok
16:30:46.0000 3824 ptpd (6e172558daa6cfc0502fe5297e90dc9c) C:\WINDOWS\system32\drivers\ptpd.sys
16:30:46.0000 3824 ptpd - ok
16:30:46.0140 3824 ql1080 - ok
16:30:46.0296 3824 Ql10wnt - ok
16:30:46.0453 3824 ql12160 - ok
16:30:46.0609 3824 ql1240 - ok
16:30:46.0765 3824 ql1280 - ok
16:30:46.0796 3824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:30:46.0796 3824 RasAcd - ok
16:30:46.0890 3824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:30:46.0890 3824 Rasl2tp - ok
16:30:47.0000 3824 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:30:47.0000 3824 RasPppoe - ok
16:30:47.0015 3824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:30:47.0015 3824 Raspti - ok
16:30:47.0140 3824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:30:47.0140 3824 Rdbss - ok
16:30:47.0187 3824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:30:47.0187 3824 RDPCDD - ok
16:30:47.0296 3824 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:30:47.0296 3824 RDPWD - ok
16:30:47.0406 3824 RecAgent (ec209831790859cb39fa732af0ce9732) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
16:30:47.0406 3824 RecAgent - ok
16:30:47.0500 3824 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:30:47.0500 3824 redbook - ok
16:30:47.0656 3824 RimUsb - ok
16:30:47.0750 3824 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:30:47.0750 3824 RimVSerPort - ok
16:30:47.0859 3824 RITCPT (f76971070b64a4e7ea3da23b772ca356) C:\WINDOWS\system32\drivers\RITCPT.sys
16:30:47.0859 3824 RITCPT - ok
16:30:47.0906 3824 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:30:47.0906 3824 ROOTMODEM - ok
16:30:48.0015 3824 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:30:48.0015 3824 SASDIFSV - ok
16:30:48.0109 3824 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:30:48.0109 3824 SASKUTIL - ok
16:30:48.0218 3824 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
16:30:48.0234 3824 SCDEmu - ok
16:30:48.0296 3824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:30:48.0296 3824 Secdrv - ok
16:30:48.0421 3824 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:30:48.0421 3824 serenum - ok
16:30:48.0546 3824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:30:48.0546 3824 Serial - ok
16:30:48.0640 3824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:30:48.0656 3824 Sfloppy - ok
16:30:48.0812 3824 Simbad - ok
16:30:48.0906 3824 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:30:48.0906 3824 SLIP - ok
16:30:49.0046 3824 Slntamr (ab70bd783b119360cd039383b003b148) C:\WINDOWS\system32\DRIVERS\slntamr.sys
16:30:49.0140 3824 Slntamr - ok
16:30:49.0328 3824 SlNtHal (492452f9bd91d8eb317f32bb14ca493f) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
16:30:49.0343 3824 SlNtHal - ok
16:30:49.0500 3824 SlWdmSup (97d37e0af55256bf7307805654dfd472) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
16:30:49.0500 3824 SlWdmSup - ok
16:30:49.0656 3824 Sparrow - ok
16:30:49.0750 3824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:30:49.0750 3824 splitter - ok
16:30:49.0828 3824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:30:49.0828 3824 sr - ok
16:30:49.0953 3824 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
16:30:49.0968 3824 Srv - ok
16:30:50.0046 3824 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:30:50.0046 3824 StillCam - ok
16:30:50.0140 3824 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:30:50.0140 3824 streamip - ok
16:30:50.0203 3824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:30:50.0203 3824 swenum - ok
16:30:50.0296 3824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:30:50.0296 3824 swmidi - ok
16:30:50.0453 3824 symc810 - ok
16:30:50.0609 3824 symc8xx - ok
16:30:50.0765 3824 sym_hi - ok
16:30:50.0984 3824 sym_u3 - ok
16:30:51.0109 3824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:30:51.0109 3824 sysaudio - ok
16:30:51.0234 3824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:30:51.0265 3824 Tcpip - ok
16:30:51.0578 3824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:30:51.0578 3824 TDPIPE - ok
16:30:51.0734 3824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:30:51.0734 3824 TDTCP - ok
16:30:51.0812 3824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:30:51.0812 3824 TermDD - ok
16:30:52.0000 3824 TosIde - ok
16:30:52.0078 3824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:30:52.0078 3824 Udfs - ok
16:30:52.0234 3824 ultra - ok
16:30:52.0437 3824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:30:52.0468 3824 Update - ok
16:30:52.0625 3824 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:30:52.0625 3824 USBAAPL - ok
16:30:52.0718 3824 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:30:52.0718 3824 usbaudio - ok
16:30:52.0937 3824 usbbus - ok
16:30:53.0078 3824 USBCamera (2038824260efdffa6f78d9bef767622d) C:\WINDOWS\system32\Drivers\Bulk536.sys
16:30:53.0078 3824 USBCamera - ok
16:30:53.0171 3824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:30:53.0187 3824 usbccgp - ok
16:30:53.0390 3824 UsbDiag - ok
16:30:53.0562 3824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:30:53.0562 3824 usbehci - ok
16:30:53.0765 3824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:30:53.0765 3824 usbhub - ok
16:30:53.0968 3824 USBModem - ok
16:30:54.0093 3824 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:30:54.0109 3824 usbprint - ok
16:30:54.0234 3824 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:30:54.0234 3824 usbscan - ok
16:30:54.0359 3824 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:30:54.0359 3824 usbstor - ok
16:30:54.0500 3824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:30:54.0500 3824 usbuhci - ok
16:30:54.0609 3824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:30:54.0609 3824 VgaSave - ok
16:30:54.0718 3824 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
16:30:54.0718 3824 viaagp1 - ok
16:30:54.0875 3824 viagfx (b7555e12bb19ef334234f14abc43d686) C:\WINDOWS\system32\DRIVERS\vtmini.sys
16:30:54.0890 3824 viagfx - ok
16:30:54.0984 3824 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
16:30:54.0984 3824 ViaIde - ok
16:30:55.0156 3824 viamraid (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys
16:30:55.0156 3824 viamraid - ok
16:30:55.0296 3824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:30:55.0296 3824 VolSnap - ok
16:30:55.0562 3824 VVBackd5 (5dad496574478534ec5f31ce58d9f10a) C:\WINDOWS\system32\drivers\VVBackd5.sys
16:30:55.0562 3824 VVBackd5 - ok
16:30:55.0687 3824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:30:55.0687 3824 Wanarp - ok
16:30:55.0890 3824 wanatw - ok
16:30:56.0031 3824 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:30:56.0062 3824 Wdf01000 - ok
16:30:56.0328 3824 WDICA - ok
16:30:56.0468 3824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:30:56.0468 3824 wdmaud - ok
16:30:56.0671 3824 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:30:56.0703 3824 WpdUsb - ok
16:30:56.0765 3824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:30:56.0765 3824 WS2IFSL - ok
16:30:56.0906 3824 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:30:56.0906 3824 WSTCODEC - ok
16:30:57.0000 3824 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:30:57.0000 3824 WudfPf - ok
16:30:57.0125 3824 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:30:57.0125 3824 WudfRd - ok
16:30:57.0218 3824 MBR (0x1B8) (a3ed5efd0096273e8da5d0c0c6f2a2d7) \Device\Harddisk0\DR0
16:30:57.0234 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:30:57.0250 3824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:30:57.0281 3824 Boot (0x1200) (6373837095ff0e610b62c191fa09472d) \Device\Harddisk0\DR0\Partition0
16:30:57.0281 3824 \Device\Harddisk0\DR0\Partition0 - ok
16:30:57.0296 3824 ============================================================
16:30:57.0296 3824 Scan finished
16:30:57.0296 3824 ============================================================
16:30:57.0328 2044 Detected object count: 1
16:30:57.0328 2044 Actual detected object count: 1
16:31:41.0984 2044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:31:41.0984 2044 \Device\Harddisk0\DR0 - ok
16:31:41.0984 2044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:32:28.0406 2444 Deinitialize success
16:35:35.0515 2540 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:35:37.0515 2540 ============================================================
16:35:37.0515 2540 Current date / time: 2012/01/09 16:35:37.0515
16:35:37.0515 2540 SystemInfo:
16:35:37.0515 2540
16:35:37.0515 2540 OS Version: 5.1.2600 ServicePack: 3.0
16:35:37.0515 2540 Product type: Workstation
16:35:37.0640 2540 ComputerName: HOTMOMMA
16:35:37.0656 2540 UserName: Kim
16:35:37.0671 2540 Windows directory: C:\WINDOWS
16:35:37.0671 2540 System windows directory: C:\WINDOWS
16:35:37.0671 2540 Processor architecture: Intel x86
16:35:37.0671 2540 Number of processors: 2
16:35:37.0671 2540 Page size: 0x1000
16:35:37.0671 2540 Boot type: Normal boot
16:35:37.0687 2540 ============================================================
16:35:43.0187 2540 Initialize success


Edited by hitman619, 09 January 2012 - 07:48 PM.


#6 boopme


Posted 09 January 2012 - 08:03 PM

OK, good, if you didn't reboot after the TDSS then do so after ESET.
Let me know how it is after.

#7 hitman619


Posted 09 January 2012 - 08:46 PM

OK, good, if you didn't reboot after the TDSS then do so after ESET.
Let me know how it is after.

Thank you so much!
Eset is about 30 percent in with 7 infected files

#8 boopme


Posted 09 January 2012 - 09:22 PM

OK, post that when ready. I should be around till about 11 pm Eastern.

#9 hitman619


Posted 10 January 2012 - 12:48 AM

Eset clean

C:\WINDOWS\system32\cqjyuoup.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\cxbrwali.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\odalijkt.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\jldqgbqw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\DMlnmnpo.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\WGjTCcdd.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Temp\A9R9AB2.tmp JS/Exploit.Pdfka.PGF.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity32.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVancePlaySushi20.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-34753232 a variant of Java/Agent.DZ trojan deleted - quarantined
C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\52\543a3f4-126d7b7f multiple threats deleted - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017702.INI Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017703.INI Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017704.INI Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017744.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017745.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017746.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017747.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017748.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{627BEF57-C8FA-4930-B766-E7A44887C531}\RP205\A0017749.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined



#10 hitman619


Posted 10 January 2012 - 01:00 AM

yea
when i restarted the computer no "disk partition message" :P

Edited by hitman619, 10 January 2012 - 01:01 AM.


#11 boopme


Posted 10 January 2012 - 10:11 AM

Good, we need to update Java and Adobe.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly, update to Adobe Reader X (10.1.0).
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#12 hitman619


Posted 10 January 2012 - 02:05 PM

Thank you!

#13 boopme


Posted 10 January 2012 - 10:21 PM

:thumbup2:



