Where to start with "System Check" manual removal


15 replies to this topic

#1 LMoseley

LMoseley

  • Members
  • 86 posts

Posted 13 February 2012 - 06:22 PM

I am reading the manual removal steps for System Check in the tutorial on this site. I have rebooted into SAFE MODE WITH NETWORKING. I have RKILL downloaded and burned to a CDROM. I insert the CDROM.

Now what?

My desktop is blank/black. The START / ALL PROGRAMS list is empty. There is no START / RUN command.

How do I run RKILL from the CDROM? Or how do I copy it to the desktop, when I don't have Windows Explorer or any other program?

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 February 2012 - 08:02 PM

Hi

Press the Windows+R keys, type cmd and click OK.

Copy the following command and run it:

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop

If your Task Manager is disabled, run this command:

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr


Restart the PC into Safe Mode with Networking.

You should be able to see your desktop and copy files.

Edited by narenxp, 13 February 2012 - 08:02 PM.


#3 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts

Posted 14 February 2012 - 10:07 AM

Thanks, narenxp. I had forgotten about the WINDOWS-R trick.

Well, I guess I better start at the beginning. I thought this was going to be a quick "follow the directions" but it is not to be.

The machine involved is a Dell laptop running Windows XP Home SP3 with all updates, and running Symantec/Norton AV with automatic update. The owner, my friend George, whose wife is just now getting over a Trojan.ZeroAccess attack, received a spoofed business email (that made it through both the server's AV scan and his Symantec scan) containing an "invoice attachment" that zapped him. The fake AV that took over is clearly marked SYSTEM CHECK, so I was following the manual removal guide on this site.

Prior to starting, I booted from a WinPE CDROM and copied all of the variations of RKILL onto the desktop of the laptop. After your registry trick, I could see the files... but that was as far as I got. I tried running RKILL almost 250 times... LITERALLY, 250... I can tell by the sequential numbers of the WinRAR SFX temp directory. It never ran. I tried one at a time, then going down the row of various-named executables (from .SCR to .COM), then rapid-fire. With TASK MANAGER open, I could see the various apps start up, last a couple of seconds, and then die.

Nor could I run TDSSKiller, aswMBR or GMER to create logs. TDSSKiller and aswMBR (even renamed) died instantly. GMER came the closest, but gave this error:

[screenshot of the GMER error; image not captured]

After which it started to run, but most of the scan areas are greyed out:

[screenshot of the GMER scan window; image not captured]

Strangely, I am able to run other programs on the computer, and even was able to install MBAM and update its defs. I let it do a full scan overnight, and it quarantined some files and reversed some registry errors. I do have the MBAM log available.

So, where I stand now is that the computer HAD the System Check trojan, some of it is probably gone, but the rootkit component is still running and resisting any efforts to run tools that will remove it…

Suggestions…

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 February 2012 - 10:50 AM

I want you to run a FULL SCAN with Malwarebytes and make sure that your log comes out clean.

Run the UNHIDE FIX and let me know if you got the files.

Please create a restore point and also back up important data before running this tool. This is just a small precaution.

Download FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.



Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#5 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts

Posted 15 February 2012 - 01:59 AM

OK, moving down the list.

MBAM ran a full scan, no threats reported.

Before all of these scans, the main System Restore window would NOT come up, but after the scans, it does.

The UNHIDE FIX restored most of the start menu (but not all) and removed the H and/or S attributes from all of the folders. The start menu is missing some items from the right side.

[screenshot of the Start Menu; image not captured]

FIXTDSS ran to completion. It reported a problem with the MBR and fixed it. No log was available.

After this, TDSSKiller, GMER and aswMBR all ran to completion.

After the aswMBR run, Norton Auto-Protect (which had turned itself back on) began throwing up dozens of events like these:

[screenshot of the Norton events; image not captured]

Despite Auto-Protect being shut off, the Norton background scan is sucking up 50% of the CPU resources doing this:

[screenshot of Norton CPU usage; image not captured]

LATER: I manually secure-deleted the two files that aswMBR reported as being infected and rebooted, and the 50% CPU usage and the constant Norton popups went away.

PROBLEMS REMAINING:

Incomplete Start Menu
Very slow loading of web pages (this page takes 65 seconds to load, vs 9 seconds on another computer on the same LAN).
Slow boot up/reboot


Logs:

19:06:51.0875 2752 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:06:53.0875 2752 ============================================================
19:06:53.0875 2752 Current date / time: 2012/02/14 19:06:53.0875
19:06:53.0875 2752 SystemInfo:
19:06:53.0875 2752
19:06:53.0875 2752 OS Version: 5.1.2600 ServicePack: 3.0
19:06:53.0875 2752 Product type: Workstation
19:06:53.0875 2752 ComputerName: GEORGELAPTOP
19:06:53.0875 2752 UserName: George
19:06:53.0875 2752 Windows directory: C:\WINDOWS
19:06:53.0875 2752 System windows directory: C:\WINDOWS
19:06:53.0875 2752 Processor architecture: Intel x86
19:06:53.0875 2752 Number of processors: 2
19:06:53.0875 2752 Page size: 0x1000
19:06:53.0875 2752 Boot type: Normal boot
19:06:53.0875 2752 ============================================================
19:06:55.0828 2752 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:06:55.0828 2752 \Device\Harddisk0\DR0:
19:06:55.0828 2752 MBR used
19:06:55.0828 2752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x2D849DB
19:06:55.0843 2752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2DA0161, BlocksNum 0x676E360
19:06:55.0921 2752 Initialize success
19:06:55.0921 2752 ============================================================
19:07:17.0734 2796 ============================================================
19:07:17.0734 2796 Scan started
19:07:17.0734 2796 Mode: Manual; TDLFS;
19:07:17.0734 2796 ============================================================
19:07:28.0359 2796 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
19:07:28.0359 2796 Tcpip6 - ok
19:07:28.0437 2796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:07:28.0453 2796 TDPIPE - ok
19:07:28.0500 2796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:07:28.0515 2796 TDTCP - ok
19:07:28.0546 2796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:07:28.0546 2796 TermDD - ok
19:07:28.0593 2796 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:07:28.0593 2796 TosIde - ok
19:07:28.0640 2796 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:07:28.0640 2796 tunmp - ok
19:07:28.0656 2796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:07:28.0671 2796 Udfs - ok
19:07:28.0687 2796 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:07:28.0687 2796 ultra - ok
19:07:28.0718 2796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:07:28.0718 2796 Update - ok
19:07:28.0765 2796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:07:28.0765 2796 usbccgp - ok
19:07:28.0843 2796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:07:28.0843 2796 usbehci - ok
19:07:28.0921 2796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:07:28.0921 2796 usbhub - ok
19:07:28.0968 2796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:07:28.0968 2796 usbprint - ok
19:07:29.0015 2796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:07:29.0015 2796 usbscan - ok
19:07:29.0109 2796 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
19:07:29.0109 2796 usbser - ok
19:07:29.0140 2796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:07:29.0140 2796 USBSTOR - ok
19:07:29.0187 2796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:07:29.0187 2796 usbuhci - ok
19:07:29.0234 2796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:07:29.0234 2796 VgaSave - ok
19:07:29.0312 2796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:07:29.0312 2796 viaagp - ok
19:07:29.0343 2796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:07:29.0343 2796 ViaIde - ok
19:07:29.0375 2796 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
19:07:29.0375 2796 vncmirror - ok
19:07:29.0421 2796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:07:29.0421 2796 VolSnap - ok
19:07:29.0468 2796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:07:29.0468 2796 Wanarp - ok
19:07:29.0578 2796 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:07:29.0578 2796 Wdf01000 - ok
19:07:29.0671 2796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:07:29.0671 2796 wdmaud - ok
19:07:29.0734 2796 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:07:29.0750 2796 winachsf - ok
19:07:29.0843 2796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:07:29.0843 2796 WmiAcpi - ok
19:07:29.0906 2796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:07:29.0906 2796 WudfPf - ok
19:07:29.0984 2796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:07:29.0984 2796 WudfRd - ok
19:07:30.0015 2796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:07:30.0406 2796 \Device\Harddisk0\DR0 - ok
19:07:30.0406 2796 Boot (0x1200) (0a3007f0613a98b77db65a019ef09d4e) \Device\Harddisk0\DR0\Partition0
19:07:30.0421 2796 \Device\Harddisk0\DR0\Partition0 - ok
19:07:30.0421 2796 Boot (0x1200) (e1eec2c90e8bfb7a75b5452acc0f0166) \Device\Harddisk0\DR0\Partition1
19:07:30.0421 2796 \Device\Harddisk0\DR0\Partition1 - ok
19:07:30.0421 2796 ============================================================
19:07:30.0421 2796 Scan finished
19:07:30.0421 2796 ============================================================
19:07:30.0437 2096 Detected object count: 0
19:07:30.0437 2096 Actual detected object count: 0




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-14 20:33:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS722080K9A300 rev.DCBOC54P
Running: vmeykelu[1].exe; Driver: C:\DOCUME~1\George\LOCALS~1\Temp\fwtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT 8A93CD60 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9174350]
SSDT 8A9A9B48 ZwQueryValueKey
SSDT 8A9B07F8 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9174580]

---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket BA5A8345 45 Bytes [F6, C1, 01, 74, 0A, D1, E9, ...]
.text KDCOM.DLL!KdSendPacket BA5A8373 8 Bytes [55, 8B, EC, 51, 51, 83, 65, ...]
.text KDCOM.DLL!KdSendPacket BA5A837C 9 Bytes [83, 7D, 0C, 00, 8A, 81, 00, ...]
.text KDCOM.DLL!KdD0Transition BA5A8386 26 Bytes [8A, 91, 01, 01, 00, 00, 0F, ...]
.text KDCOM.DLL!KdD0Transition + 1C BA5A83A2 27 Bytes [80, 79, 07, 48, 0D, 00, FF, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 18 BA5A83BE 111 Bytes [00, 80, 79, 08, 4A, 81, CA, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 88 BA5A842E 22 Bytes [56, 57, 85, DB, 75, 07, B8, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 9F BA5A8445 10 Bytes [A0, 00, C0, EB, 34, FF, 73, ...]
.text KDCOM.DLL!KdDebuggerInitialize1 + 5 BA5A8451 84 Bytes [00, 8B, F3, 8D, BD, 00, FE, ...]
.text KDCOM.DLL!KdRestore + 46 BA5A84A6 135 Bytes [03, 45, FC, 6A, 10, 50, FF, ...]
.text KDCOM.DLL!KdRestore + CE BA5A852E 37 Bytes [BF, 00, 00, 00, C0, 8B, C8, ...]
.text KDCOM.DLL!KdRestore + F4 BA5A8554 32 Bytes [2A, FF, FF, FF, 8B, C8, 23, ...]
.text KDCOM.DLL!KdRestore + 115 BA5A8575 6 Bytes [46, 10, 50, 68, E8, 82]
.text KDCOM.DLL!KdRestore + 11D BA5A857D 122 Bytes CALL BA5A8482 \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 3D BA5A8F89 55 Bytes [F8, 89, 5F, 78, C6, 47, 7C, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 75 BA5A8FC1 96 Bytes [00, 00, 53, FF, 15, AC, 82, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D6 BA5A9022 40 Bytes [E4, 33, C0, EB, 05, 1B, C0, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + FF BA5A904B 4 Bytes [EB, 0B, 0F, B7]
PAGEKD KDCOM.DLL!KdReceivePacket + 104 BA5A9050 1 Byte [FC]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 39 BA5A91EB 34 Bytes [8A, 08, 40, 84, C9, 75, F9, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 5C BA5A920E 57 Bytes [00, 6A, 64, 8D, 45, 98, 6A, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 97 BA5A9249 134 Bytes [59, 8B, D0, 66, 8B, 08, 83, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [BA5A85F8] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [BA5A85A6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [BA5A85B0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [BA5A85D4] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [BA5A85BA] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [BA5A85EC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [BA5A85C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [BA5A85E0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [BA5A85E0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 00000032
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 00000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A7179D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----





aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 20:34:33
-----------------------------
20:34:33.718 OS Version: Windows 5.1.2600 Service Pack 3
20:34:33.718 Number of processors: 2 586 0xF02
20:34:33.718 ComputerName: GEORGELAPTOP UserName: George
20:34:34.218 Initialize success
20:38:12.093 AVAST engine defs: 12021401
20:38:34.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:38:34.031 Disk 0 Vendor: Hitachi_HTS722080K9A300 DCBOC54P Size: 76319MB BusType: 3
20:38:34.046 Disk 0 MBR read successfully
20:38:34.046 Disk 0 MBR scan
20:38:34.093 Disk 0 Windows XP default MBR code
20:38:34.093 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
20:38:34.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23305 MB offset 112455
20:38:34.109 Disk 0 Partition - 00 05 Extended 52956 MB offset 47841570
20:38:34.140 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52956 MB offset 47841633
20:38:34.140 Disk 0 scanning sectors +156296385
20:38:34.265 Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:54.953 Service scanning
20:38:57.609 Modules scanning
20:40:30.687 Disk 0 trace - called modules:
20:40:30.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:40:30.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa8c528]
20:40:30.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a9a4f18]
20:40:30.734 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa1c940]
20:40:31.234 AVAST engine scan C:\WINDOWS
20:41:40.000 AVAST engine scan C:\WINDOWS\system32
20:52:01.515 AVAST engine scan C:\WINDOWS\system32\drivers
20:53:03.765 AVAST engine scan C:\Documents and Settings\George
20:54:23.593 File: C:\Documents and Settings\George\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll **INFECTED** Win32:Malware-gen
21:00:40.859 File: C:\Documents and Settings\George\Local Settings\temp\Imgtask.exe **INFECTED** Win32:Malware-gen
21:39:22.062 AVAST engine scan C:\Documents and Settings\All Users
21:47:16.734 Scan finished successfully
23:56:38.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\George\Desktop\MBR.dat"
23:56:38.000 The log file has been saved successfully to "C:\Documents and Settings\George\Desktop\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:47 PM

Posted 15 February 2012 - 10:07 AM

Hi

Press Windows+R key and type

%temp% and click ok

If you find a folder called SMTMP, copy it to a safe location


Right click on your START MENU-Properties

Click on Customize, click on the Advanced tab, and check mark all the left start items like MY DOCUMENTS, MY PICTURES etc.


Press Windows+R key and type

notepad and click ok

Now copy this script
@echo off
del /f /s /q "C:\Documents and Settings\George\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll"
del /f /s /q "C:\Documents and Settings\George\Local Settings\temp\Imgtask.exe"
del %0

Save it as Remove.bat

Run the bat file

Post the new aswmbr log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to the desktop, and copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
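The check this thread relies on (run aswMBR, remove what it flagged, run it again and compare the two logs) can be automated over the log text. The following Python is an added example written for this page, not code from aswMBR, ESET or anyone in the thread: it parses the aswMBR log layout shown above, pulls out the **INFECTED** entries and the MBR verdict line, confirms the scan actually finished, and compares a before and after run case-insensitively (NTFS does not distinguish `temp\Imgtask.exe` from `Temp\IMGTASK.EXE`, so a naive string comparison would report a surviving file as cleaned). The two sample logs are constructed for the example and only mirror the format of the logs posted here; the user name and times in them are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Regexes for the aswMBR log layout seen in this thread: a timestamp, then a
# "File: ... **INFECTED** <name>", a "Disk N ... MBR code" or a "Scan finished" message.
TIMESTAMP = r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})"
INFECTED_RE = re.compile(
    "^" + TIMESTAMP + r"\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)\s*$"
)
MBR_RE = re.compile("^" + TIMESTAMP + r"\s+Disk\s+(?P<disk>\d+)\s+(?P<verdict>.*\bMBR code)\s*$")
FINISHED_RE = re.compile("^" + TIMESTAMP + r"\s+Scan finished successfully\s*$")

# Constructed sample logs (made-up user, times and first path) in the aswMBR layout.
RUN_BEFORE = """\
20:38:34.093 Disk 0 Windows XP default MBR code
20:38:34.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23305 MB offset 112455
20:54:23.593 File: C:\\Documents and Settings\\Example\\Application Data\\Vendor\\plugin.dll **INFECTED** Win32:Malware-gen
21:00:40.859 File: C:\\Documents and Settings\\Example\\Local Settings\\temp\\Imgtask.exe **INFECTED** Win32:Malware-gen
21:47:16.734 Scan finished successfully
"""

RUN_AFTER = """\
11:29:22.171 Disk 0 Windows XP default MBR code
11:33:00.000 File: C:\\Documents and Settings\\Example\\Local Settings\\Temp\\IMGTASK.EXE **INFECTED** Win32:Malware-gen
11:38:38.937 Scan finished successfully
"""


@dataclass(frozen=True)
class Detection:
    time: str   # wall-clock time the scanner logged the hit
    path: str   # flagged file, exactly as logged
    name: str   # detection name, e.g. Win32:Malware-gen


def parse_detections(log: str) -> List[Detection]:
    """Return every **INFECTED** file entry in an aswMBR log, in log order."""
    hits = []
    for line in log.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            hits.append(Detection(m.group("time"), m.group("path"), m.group("name")))
    return hits


def mbr_verdict(log: str, disk: int = 0) -> Optional[str]:
    """What aswMBR said about the boot sector of `disk`, or None if it never reported it.
    'Windows XP default MBR code' means the MBR matched the stock loader, i.e. no
    bootkit patch was seen; any other wording deserves a closer look."""
    for line in log.splitlines():
        m = MBR_RE.match(line)
        if m and int(m.group("disk")) == disk:
            return m.group("verdict")
    return None


def scan_completed(log: str) -> bool:
    """True only if the log carries the 'Scan finished successfully' marker."""
    return any(FINISHED_RE.match(line) for line in log.splitlines())


def _key(path: str) -> str:
    # NTFS paths are case-insensitive, so compare on a case-folded key.
    return path.casefold()


def still_present(before: str, after: str) -> List[str]:
    """Paths flagged in the first run that the second run flagged again."""
    after_keys = {_key(d.path) for d in parse_detections(after)}
    return [d.path for d in parse_detections(before) if _key(d.path) in after_keys]


def new_in_after(before: str, after: str) -> List[str]:
    """Paths flagged only in the second run (something new, or a renamed dropper)."""
    before_keys = {_key(d.path) for d in parse_detections(before)}
    return [d.path for d in parse_detections(after) if _key(d.path) not in before_keys]


def summarize(before: str, after: str) -> dict:
    """One-glance verdict on whether the cleanup between two runs did its job."""
    return {
        "scan_completed": scan_completed(after),
        "mbr": mbr_verdict(after),
        "flagged_before": len(parse_detections(before)),
        "flagged_after": len(parse_detections(after)),
        "still_present": still_present(before, after),
        "new_in_after": new_in_after(before, after),
    }


if __name__ == "__main__":
    for key, value in summarize(RUN_BEFORE, RUN_AFTER).items():
        print(f"{key}: {value}")
```

Feed the two real aswMBR logs from the thread in place of the samples and the interesting outputs are `still_present` (empty once the deletions took), `mbr` (the advisor is looking for the "Windows XP default MBR code" line in both runs) and `scan_completed`, which guards against reading a log from a run that was interrupted and so never got to the user profile where the flagged files lived.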

#7 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 15 February 2012 - 04:37 PM

Folder SMTMP did not exist. I guess the UNHIDE fix deleted it when it was done. I secure-erased the Temp folder content.

OK, that fixed the Start Menu… didn’t know those options were there.

I manually secure-deleted the two infected files last night. I had to manually stop the Imgtask process before I could delete the corresponding file.

ESET found a bunch of stuff on its first run, much of it in quarantines. I emptied the quarantines, then ran ESET again, with NO THREATS FOUND.

= = = = = = = = =

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 11:26:05
-----------------------------
11:26:05.718 OS Version: Windows 5.1.2600 Service Pack 3
11:26:05.718 Number of processors: 2 586 0xF02
11:26:05.718 ComputerName: GEORGELAPTOP UserName: George
11:26:06.171 Initialize success
11:29:16.546 AVAST engine defs: 12021500
11:29:22.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:29:22.125 Disk 0 Vendor: Hitachi_HTS722080K9A300 DCBOC54P Size: 76319MB BusType: 3
11:29:22.140 Disk 0 MBR read successfully
11:29:22.140 Disk 0 MBR scan
11:29:22.171 Disk 0 Windows XP default MBR code
11:29:22.171 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:29:22.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23305 MB offset 112455
11:29:22.203 Disk 0 Partition - 00 05 Extended 52956 MB offset 47841570
11:29:22.218 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52956 MB offset 47841633
11:29:22.234 Disk 0 scanning sectors +156296385
11:29:22.296 Disk 0 scanning C:\WINDOWS\system32\drivers
11:29:38.171 Service scanning
11:29:40.875 Modules scanning
11:30:00.187 Disk 0 trace - called modules:
11:30:00.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:30:00.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa281f0]
11:30:00.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000085[0x8aa21510]
11:30:00.218 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa20940]
11:30:00.515 AVAST engine scan C:\WINDOWS
11:30:21.703 AVAST engine scan C:\WINDOWS\system32
11:33:59.203 AVAST engine scan C:\WINDOWS\system32\drivers
11:34:16.390 AVAST engine scan C:\Documents and Settings\George
11:36:48.328 AVAST engine scan C:\Documents and Settings\All Users
11:38:38.937 Scan finished successfully
11:55:10.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\George\Desktop\MBR.dat"
11:55:10.765 The log file has been saved successfully to "C:\Documents and Settings\George\Desktop\aswMBR.txt"

= = = = = = = =

ESET Run 1 log


C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{A2EFF94A-85E9-46A6-B02A-70BA351A2D82}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bredolabfb.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchLeftovers.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws10.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws12.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws14.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws16.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws18.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws20.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws22.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws52.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws54.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws56.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws58.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws60.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntiMalwares.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KillSec.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadersit.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\George\Application Data\Sun\Java\Deployment\cache\6.0\2\660a5642-6af16a8d multiple threats deleted - quarantined
C:\Program Files\EpicPlay\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BI application cleaned by deleting - quarantined
C:\Program Files\EpicPlay\epicRemoval.exe a variant of Win32/Adware.Gamevance.BN application cleaned by deleting - quarantined
C:\Program Files\Registry Well\RegistryWell.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers Client\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025669.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025670.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025671.dll a variant of Win32/Adware.Gamevance.BI application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025672.exe a variant of Win32/Adware.Gamevance.BN application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025673.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0025674.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined



= = = = = = = =

ESET Run 2


No threats found (no log available)


= = = = = = = =

MiniToolBox by Farbar Version: 18-01-2012
Ran by George (administrator) on 15-02-2012 at 14:56:52
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15131 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=static addr=192.168.1.196 mask=255.255.255.0
set address name="Wireless Network Connection" gateway=192.168.1.254 gwmetric=0
set dns name="Wireless Network Connection" source=static addr=192.168.1.254 register=PRIMARY
set wins name="Wireless Network Connection" source=static addr=none

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : GeorgeLaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1D-60-52-07-DD

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-A0-5C-B9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.27
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21c:23ff:fea0:5cb9%5
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
                                    fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
Lease Obtained. . . . . . . . . . : Wednesday, February 15, 2012 2:39:22 PM
Lease Expires . . . . . . . . . . : Wednesday, February 15, 2012 3:39:22 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-1B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.27%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.47.138, 74.125.47.139, 74.125.47.100, 74.125.47.101
74.125.47.102, 74.125.47.113

Pinging google.com [74.125.157.101] with 32 bytes of data:

Reply from 74.125.157.101: bytes=32 time=8ms TTL=52
Reply from 74.125.157.101: bytes=32 time=9ms TTL=52

Ping statistics for 74.125.157.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 9ms, Average = 8ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.127.62, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=28ms TTL=48
Reply from 209.191.122.70: bytes=32 time=28ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 28ms, Average = 28ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 60 52 07 dd ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
0x3 ...00 1c 23 a0 5c b9 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.27 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.27 192.168.1.27 30
192.168.1.0 255.255.255.0 192.168.1.27 192.168.1.27 20
192.168.1.27 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.27 192.168.1.27 20
224.0.0.0 240.0.0.0 192.168.1.27 192.168.1.27 20
255.255.255.255 255.255.255.255 192.168.1.27 192.168.1.27 1
255.255.255.255 255.255.255.255 192.168.1.27 2 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

=========================== Installed Programs ============================

ABBYY FineReader 8.0 Professional Edition (Version: 8.00.1126.4607)
ACDSee 32
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
ALPS Touch Pad Driver
ArcSoft PhotoImpression 4
Ask Toolbar (Version: 1.9.1.0)
ATT-PRT22
Avanquest update (Version: 1.12)
Avery Wizard 4.0 (Version: 4.0.4)
BCWipe 2.0
Bonjour (Version: 1.0.102)
Broadcom Management Programs (Version: 8.65.05)
Brother 1440
Brother 1470N
Brother HL-5250DN (Version: 1.00)
Brother MFL-Pro Suite (Version: 1.00.000)
Brownie
bxNewFolder 1.0 (Version: 1.0)
Calypso 3
Camera Driver
CCScore (Version: 6.02.1001.0001)
CFi ShellToys v6.1 (Version: 6.1.0)
CHSTprep V1.0 (Version: 1.00.0000)
CmdHere Powertoy For Windows XP (Version: 1.00.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Wireless WLAN Card (Version: 4.100.15.8)
Digital Line Detect (Version: 1.15)
Driver Whiz (Version: 8.0.1)
ESET Online Scanner v3
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.57)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4446)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Jasc Paint Shop Pro 9 (Version: 9.01.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.67)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Maxtor Quick Start (Version: 2.00.0210)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 SR-1 Professional (Version: 9.00.9327)
Microsoft Office Outlook 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft Streets & Trips 2007 with GPS Locator (Version: 14.0.09.1100)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Modem Helper (Version: 3.02)
Motorola Driver Installation (Version: 2.7.2)
Motorola Phone Tools (Version: 4.0.4b 12-01-2005)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
National Fire Code Set
netbrdg (Version: 6.04.0000.0001)
OfotoXMI (Version: 6.04.0000.0001)
PaperPort (Version: 9.02.0814)
pdfFactory Pro
PerfectDisk 10 Professional (Version: 10.0.119)
Post-it® Software Notes
PowerDVD (Version: 7.0)
QuickSet (Version: 8.1.12)
ResumeMaker (Version: 16.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Seagate Drive Settings Installer (Version: 1.00.0000)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 6.04.0000.0004)
SKINXSDK (Version: 6.02.1001.0001)
Sonic Activation Module (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
staticcr (Version: 6.04.0000.0005)
Symantec AntiVirus (Version: 10.1.7000.7)
TablePCRT (Version: 1.0.0.0)
TeraCopy 2.12
tooltips (Version: 6.04.0000.0001)
TreeSize 1.7
Trojan Remover 6.8.2 (Version: 6.8.2)
TTS Wrapper (Version: 1.0.0.0)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VNC Enterprise Edition E4.6.1 (Version: E4.6.1)
VNC Mirror Driver 1.8.0 (Version: 1.8.0)
VNC Printer Driver 1.7.0 (Version: 1.7.0)
VPRINTOL (Version: 6.04.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinSnap (Version: 3.5.5)
WinZip (Version: 9.0 SR-1 (6224))
WIRELESS (Version: 6.04.0000.0001)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 2038.37 MB
Available physical RAM: 1232.85 MB
Total Pagefile: 3421.23 MB
Available Pagefile: 2813.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:22.76 GB) (Free:1.96 GB) NTFS
2 Drive d: () (Fixed) (Total:51.72 GB) (Free:1.66 GB) NTFS
3 Drive w: (HBCD 10.6) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\GEORGELAPTOP

Administrator George Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:47 PM

Posted 15 February 2012 - 04:51 PM

That looks good

Uninstall Ask Toolbar

Download HOSTS fix

http://go.microsoft.com/?linkid=9668866

Run the Fixit

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 15 February 2012 - 04:52 PM.


#9 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 15 February 2012 - 06:16 PM

I will do these things.

Question: do you have any thoughts on Norton AV vs Microsoft Security Essentials? Norton can be a pain in the rear, and I am considering changing over.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:47 PM

Posted 15 February 2012 - 06:54 PM

Microsoft Security Essentials + Malwarebytes + SuperAntiSpyware should be good.

:thumbup2:

#11 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 17 February 2012 - 12:12 AM

Well, as Larry the Cable Guy says, "Something ain't right." Although we seem to be rid of the trojans and the rootkit, we are not rid of the mischief they have caused. Browsing the internet is still badly messed up.

I have a link to this post on the desktop. From a freshly booted computer, when I double-click on the link, Internet Explorer 8 opens (to a blank screen) in 6 seconds. From that point, it takes a measured 1 min 40 seconds -- 2 min 0 sec to show this page in full. Other pages on this site and other sites load similarly slowly.

It isn't the internet connection. After (slowly) loading speedtest.net, I get these results

[Image: speedtest.net result]

This is almost exactly what another computer on my home network gets. Something is slowing the browser down to the point where it is unusable.

Loading the special version of IE with add-ons disabled from System Tools made no difference in time.

Any ideas?

Edited by LMoseley, 17 February 2012 - 12:18 AM.


#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:47 PM

Posted 17 February 2012 - 08:42 AM

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

Click Go and post the result.

#13 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 17 February 2012 - 01:15 PM

Log attached.

There is other mild weirdness, like the "remember me" login not working from this computer for this website, but the slow loading is the killer.

The computer is connected to the internet with the wired connection. The WiFi should be turned off. The entry of 192.168.1.254 is correct for the router/DHCP Server/DNS Server. A Netscan from another computer does show this computer at 192.168.1.27, as shown in the log below.

I have no idea what the "Tunnel adapter Automatic Tunneling Pseudo-Interface" is.



================================

MiniToolBox by Farbar Version: 18-01-2012
Ran by George (administrator) on 17-02-2012 at 10:03:39
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=static addr=192.168.1.196 mask=255.255.255.0
set address name="Wireless Network Connection" gateway=192.168.1.254 gwmetric=0
set dns name="Wireless Network Connection" source=static addr=192.168.1.254 register=PRIMARY
set wins name="Wireless Network Connection" source=static addr=none

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : GeorgeLaptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-1D-60-52-07-DD

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1C-23-A0-5C-B9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.27

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21c:23ff:fea0:5cb9%5

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

Lease Obtained. . . . . . . . . . : Friday, February 17, 2012 9:36:09 AM

Lease Expires . . . . . . . . . . : Friday, February 17, 2012 10:36:09 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-1B

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.27%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.45.101, 74.125.45.102, 74.125.45.113, 74.125.45.138
74.125.45.139, 74.125.45.100



Pinging google.com [74.125.45.101] with 32 bytes of data:



Reply from 74.125.45.101: bytes=32 time=9ms TTL=51

Reply from 74.125.45.101: bytes=32 time=9ms TTL=51



Ping statistics for 74.125.45.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 9ms, Average = 9ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.127.62, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=28ms TTL=48

Reply from 209.191.122.70: bytes=32 time=28ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 28ms, Average = 28ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 60 52 07 dd ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
0x3 ...00 1c 23 a0 5c b9 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.27 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.27 192.168.1.27 30
192.168.1.0 255.255.255.0 192.168.1.27 192.168.1.27 20
192.168.1.27 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.27 192.168.1.27 20
224.0.0.0 240.0.0.0 192.168.1.27 192.168.1.27 20
255.255.255.255 255.255.255.255 192.168.1.27 192.168.1.27 1
255.255.255.255 255.255.255.255 192.168.1.27 2 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/17/2012 03:40:29 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (02/17/2012 03:40:29 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/17/2012 03:38:07 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/17/2012 03:18:19 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (02/17/2012 03:18:19 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/17/2012 03:18:17 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (02/17/2012 03:18:17 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/17/2012 03:18:15 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (02/17/2012 03:18:15 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (02/17/2012 03:04:48 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.


System errors:
=============
Error: (02/17/2012 03:37:54 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service hung on starting.

Error: (02/17/2012 03:36:23 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/17/2012 03:36:23 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/17/2012 03:36:23 AM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (02/16/2012 07:27:52 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service hung on starting.

Error: (02/16/2012 07:26:21 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/16/2012 07:26:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/16/2012 07:26:21 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (02/16/2012 07:24:00 PM) (Source: Service Control Manager) (User: )
Description: The Seagate Drive Settings Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2012 07:24:00 PM) (Source: Service Control Manager) (User: )
Description: The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/17/2012 03:40:29 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (02/17/2012 03:40:29 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/17/2012 03:38:07 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/17/2012 03:18:19 AM) (Source: LoadPerf)(User: )
Description: ASP.NETASP.NET

Error: (02/17/2012 03:18:19 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/17/2012 03:18:17 AM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (02/17/2012 03:18:17 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/17/2012 03:18:15 AM) (Source: LoadPerf)(User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727

Error: (02/17/2012 03:18:15 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (02/17/2012 03:04:48 AM) (Source: LoadPerf)(User: )
Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.0


**** End of log ****
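The log above is what the advisor reads for these checks. What follows is an added example, not part of the thread and not Farbar's tool: a small Python script that parses a MiniToolBox-style log by its section banners and flags the items a helper looks at first (hosts entries beyond localhost, non-Microsoft Winsock providers such as the Bonjour LSP listed above, an enabled IE proxy, and DNS servers other than the router). The sample log is constructed to mimic the page's layout, with one bogus hosts line and one extra DNS server added so the checks fire; the "Proxy is not enabled." wording is taken from the thread's log.

```python
"""Triage a MiniToolBox-style log: added example, not Farbar's tool."""
from __future__ import annotations
import re

# Banners look like "===== Hosts content: ====="; bare "=====" separators do not match.
SECTION_RE = re.compile(r"^=+\s+([^=]+?):?\s+=+\s*$")
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?\.dll)\s+\[\d+\]\s+\((.+)\)$")
DNS_RE = re.compile(r"^DNS Servers[ .]*:\s*(\S+)")
ADDR_RE = re.compile(r"^[0-9A-Fa-f:.%]+$")  # bare continuation address lines
SYSTEM_DIR = "c:\\windows\\system32\\"
XP_SITE_LOCAL_DNS = "fec0:0:0:ffff::"  # XP's built-in IPv6 resolver entries, benign

def split_sections(log: str) -> dict[str, list[str]]:
    """Group log lines under the banner that precedes them."""
    sections, current = {"preamble": []}, "preamble"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line.rstrip())
    return sections

def check_hosts(lines: list[str]) -> tuple[list[str], list[str]]:
    """Return (entries beyond the stock localhost line, duplicated entries)."""
    seen: set[str] = set()
    suspicious, duplicates = [], []
    for m in filter(None, map(HOSTS_RE.match, lines)):
        ip, name = m.group(1), m.group(2).lower()
        entry = f"{ip} {name}"
        if entry in seen:
            duplicates.append(entry)
        seen.add(entry)
        # Rogue security software commonly redirects vendor and search domains here.
        if name != "localhost" or not ip.startswith("127."):
            suspicious.append(entry)
    return suspicious, duplicates

def check_winsock(lines: list[str]) -> list[str]:
    """Flag LSPs that are not Microsoft's or load from outside System32; every
    socket passes through the LSP chain, so one bad provider slows all browsing."""
    flagged = []
    for m in filter(None, map(WINSOCK_RE.match, lines)):
        if m.group(4) != "Microsoft Corporation" or not m.group(3).lower().startswith(SYSTEM_DIR):
            flagged.append(f"{m.group(1)} {m.group(2)} {m.group(3)} ({m.group(4)})")
    return flagged

def check_dns(lines: list[str], expected: set[str]) -> list[str]:
    """Collect every resolver ipconfig lists (continuation lines too); return the unexpected ones."""
    servers: list[str] = []
    collecting = False
    for raw in lines:
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
        elif collecting and line and ADDR_RE.match(line):
            servers.append(line)
        elif line:  # any other text ends the continuation block
            collecting = False
    return [s for s in servers if s not in expected and not s.startswith(XP_SITE_LOCAL_DNS)]

def triage(log: str, expected_dns: set[str]) -> dict[str, object]:
    sec = split_sections(log)
    suspicious, duplicates = check_hosts(sec.get("Hosts content", []))
    proxy = sec.get("IE Proxy Settings")  # "Proxy is not enabled." is the wording in the thread's log
    return {
        "hosts_suspicious": suspicious,
        "hosts_duplicates": duplicates,
        "winsock_third_party": check_winsock(sec.get("Winsock entries", [])),
        "proxy_enabled": None if proxy is None else not any("Proxy is not enabled" in l for l in proxy),
        "dns_unexpected": check_dns(sec.get("IP Configuration", []), expected_dns),
    }

# Constructed sample in the page's layout, with one bogus hosts line and one
# extra DNS server added so the checks have something to flag.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 www.security-vendor.example
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.254
fec0:0:0:ffff::1%2
198.51.100.7
========================= Winsock entries =====================================
Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [94208] (Apple Computer, Inc.)
**** End of log ****
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, {"192.168.1.254"}).items():
        print(f"{key:20}: {value}")
```

Point it at a saved MiniToolBox result and set `expected_dns` to the router's address for the machine in question; anything it prints under `hosts_suspicious` or `dns_unexpected` is where the slow or redirected browsing usually comes from.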

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:47 PM

Posted 17 February 2012 - 09:18 PM

Does the page load faster in Firefox?

You can try to reset Internet Explorer to default settings. If that doesn't work, then try reinstalling IE 8 if the slowness is specific to Internet Explorer alone.

#15 LMoseley

LMoseley
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 19 February 2012 - 05:20 PM

OK to close. Thanks for your help, narenxp.



