
My printer randomly prints out website pages


24 replies to this topic

#1 Fruit


  • Members
  • 135 posts
  • Gender:Not Telling

Posted 30 March 2012 - 09:38 PM

Hello,

I'm seeking some help here once more because I'm thankful for the helper that solved my problem completely last time.

My problem started March 26 or 27 when I was printing out several pages about daily news. It randomly printed out a news page that I didn't request. I was confident that I did not misclick, but maybe accidents could have happened so I just left it.

2 days later, my mother used the computer to surf the web. After a while I noticed a little printer icon at the bottom right taskbar. My printer was off at the moment so I clicked on it to see what documents were waiting to be printed. Again, it was a random page from a website that she visited. I canceled the print and asked my mother whether she requested the print but she answered no.

Today, when I turned on my printer, it started printing a random page from a website I visited last night. Now I'm sure that this isn't just an accident but perhaps a malware, virus or keylogger doing the trick.

I also believe that it's an issue related to the computer rather than the commended printer.


Extra info: I do AVG and Malwarebytes scans very often, about once a week, once every 2 weeks at most. My computer has been cleaned for the past 2 months as far as I know. I did full scans a few days ago and the logs were clean.




Few minutes ago:

*I just ran an online ESET scan and here are the results:

- a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted – quarantined

Not sure if this clears the problem.


*I just installed the KeyScrambler Personal to improve security against keyloggers.

OS: Windows XP

Thanks!



#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Location:NJ USA

Posted 04 April 2012 - 09:40 AM

Hello, are you printing Wirelessly?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Fruit

  • Topic Starter

  • Members
  • 135 posts
  • Gender:Not Telling

Posted 04 April 2012 - 10:15 PM

Hello thanks for the reply,

No my printer isn't wireless.


MiniToolBox by Farbar Version: 18-01-2012
Ran by HP_Administrator (administrator) on 04-04-2012 at 23:13:16
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-55e5f9e3d2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : myhome.westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : myhome.westell.com

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-13-D4-0E-6D-34

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.5.46

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.5.1

DHCP Server . . . . . . . . . . . : 192.168.5.1

DNS Servers . . . . . . . . . . . : 192.168.5.1

192.168.5.1

Lease Obtained. . . . . . . . . . : Wednesday, April 04, 2012 11:08:06 PM

Lease Expires . . . . . . . . . . : Thursday, April 05, 2012 11:08:06 PM

Server: dslrouter
Address: 192.168.5.1

Name: google.com
Addresses: 173.194.43.41, 173.194.43.32, 173.194.43.46, 173.194.43.38
173.194.43.40, 173.194.43.39, 173.194.43.34, 173.194.43.36, 173.194.43.35
173.194.43.33, 173.194.43.37



Pinging google.com [173.194.43.41] with 32 bytes of data:



Reply from 173.194.43.41: bytes=32 time=36ms TTL=56

Reply from 173.194.43.41: bytes=32 time=35ms TTL=56



Ping statistics for 173.194.43.41:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 36ms, Average = 35ms

Server: dslrouter
Address: 192.168.5.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=83ms TTL=57

Reply from 209.191.122.70: bytes=32 time=83ms TTL=57



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 83ms, Maximum = 83ms, Average = 83ms

Server: dslrouter
Address: 192.168.5.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 0e 6d 34 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.5.1 192.168.5.46 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.5.46 192.168.5.46 20
192.168.5.0 255.255.255.0 192.168.5.46 192.168.5.46 20
192.168.5.46 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.5.255 255.255.255.255 192.168.5.46 192.168.5.46 20
224.0.0.0 240.0.0.0 192.168.5.46 192.168.5.46 20
255.255.255.255 255.255.255.255 192.168.5.46 192.168.5.46 1
Default Gateway: 192.168.5.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375

Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375

Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4391

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4391

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2407

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2407

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2012 09:36:38 AM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: Microsoft Office XP Professional with FrontPage - Update '{0B6B5895-479A-4240-81B7-323D27218E63}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (03/31/2012 00:39:45 PM) (Source: System Error) (User: )
Description: Error code 100000ce, parameter1 a8782f60, parameter2 00000008, parameter3 a8782f60, parameter4 00000000.

Error: (03/31/2012 00:39:04 PM) (Source: System Error) (User: )
Description: Error code 100000ce, parameter1 a85baf60, parameter2 00000008, parameter3 a85baf60, parameter4 00000000.

Error: (03/31/2012 00:39:01 PM) (Source: System Error) (User: )
Description: Error code 100000ce, parameter1 a89b4f60, parameter2 00000008, parameter3 a89b4f60, parameter4 00000000.

Error: (03/31/2012 00:38:59 PM) (Source: System Error) (User: )
Description: Error code 100000ce, parameter1 a7deff60, parameter2 00000008, parameter3 a7deff60, parameter4 00000000.

Error: (03/31/2012 00:38:09 PM) (Source: System Error) (User: )
Description: Error code 100000ce, parameter1 a870bf60, parameter2 00000008, parameter3 a870bf60, parameter4 00000000.


Microsoft Office Sessions:
=========================
Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375

Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375

Error: (04/02/2012 06:15:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4391

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4391

Error: (04/02/2012 06:15:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2407

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2407

Error: (04/02/2012 06:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2012 09:36:38 AM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Microsoft Office XP Professional with FrontPage{0B6B5895-479A-4240-81B7-323D27218E63}1603(NULL)


=========================== Installed Programs ============================

5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Agere Systems PCI Soft Modem
AIM 7
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2409)
AVG 2012 (Version: 2012.0.1913)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bonjour (Version: 3.0.0.10)
Bounce Symphony from HP Media Center (remove only)
BufferChm (Version: 53.0.13.000)
CameraDrivers (Version: 4.5.0.211)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000)
cp_dwSharkTaleCards1 (Version: 45.4.157.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
Crystal Maze from HP Media Center (remove only)
CueTour (Version: 45.4.157.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 45.4.157.000)
Download Updater (AOL LLC)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
Final Drive Nitro from HP Media Center (remove only)
GemMaster Mystic
Google Toolbar for Internet Explorer
Happy Feet Screen Saver
Help and Support Additions (Version: 3.0.5)
HF_screensaver
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Boot Optimizer (Version: 1.0.2)
HP Deskjet Printer Preload (Version: 10.1.0)
HP Extended Capabilities 5.3 (Version: 5.3)
HP Help and Support 4.0 (Version: 4.00.0025)
HP Image Zone 4.8.6 (Version: 4.8.6)
HP Image Zone Express (Version: 1.5.1.29)
HP Image Zone for Media Center PC (Version: 1.02.001)
HP Image Zone Plus 4.8.6 (Version: 4.8.6)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Photosmart Cameras 4.5 (Version: 4.5)
HP PSC & OfficeJet 5.3.B
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Tunes (Version: 2.0.0.0)
HPIZplus450 (Version: 48.2.6.0)
HPProductAssistant (Version: 53.0.13.000)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.776)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KBD
KeyScrambler (Version: 2.9.1.0)
Lexibox Deluxe from HP Media Center (remove only)
LS_HSI (Version: 1.4.27.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MapleStory
MarketResearch (Version: 53.0.13.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.4330.0)
Microsoft Plus! Dancer LE (Version: 1.1.0.3522)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.0 (Version: 4.00.050)
muvee autoProducer unPlugged - HPD (Version: 1.0.000)
NewCopy (Version: 50.0.206.000)
Nexon Game Manager
Otto
Overball from HP Media Center (remove only)
Pando Media Booster (Version: 2.3.6.0)
PanoStandAlone (Version: 45.4.157.000)
PC-Doctor for Windows (Version: 1.06.005)
Phoenix Assault from HP Media Center (remove only)
PhotoGallery (Version: 45.4.157.000)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 50.0.206.000)
PS2
PSPrinters06 (Version: 1.00.0000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.71.80.42)
Readme (Version: 50.0.206.000)
RealPlayer
Remove Quicken New User Edition installer
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Segoe UI (Version: 14.0.4327.805)
Shooting Stars Pool from HP Media Center (remove only)
SkinsHP1 (Version: 45.4.157.000)
Slyder from HP Media Center (remove only)
SolutionCenter (Version: 50.0.152.000)
Sonic Encoders (Version: 1.00)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.0)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SpySubtract
Status (Version: 53.0.13.000)
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 1015.29 MB
Available physical RAM: 414.65 MB
Total Pagefile: 2442.69 MB
Available Pagefile: 1829.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.21 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.87 GB) (Free:168.37 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:1.37 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-55E5F9E3D2

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904

========================= Minidump Files ==================================


**** End of log ****
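The MiniToolBox report above is read by hand in this thread. As an added example (not part of the thread and not Farbar's tool), here is a small Python triage script that splits a Result.txt into its sections and flags the three things a helper checks first: a proxy that is enabled, hosts-file entries other than localhost, and Winsock catalog entries from vendors other than Microsoft. The sample report is constructed from the sections posted above, with one made-up hosts line added so the hosts check has something to report; the section-header layout is assumed from the posted output.

```python
import re
from typing import Dict, List

# Constructed sample: abbreviated copy of the MiniToolBox sections posted
# in this thread, plus one made-up hosts entry (example-blocked-site.invalid)
# so the hosts check has something to flag.
SAMPLE_REPORT = r"""
MiniToolBox by Farbar Version: 18-01-2012
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 example-blocked-site.invalid

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# Section headers look like "===== Name: =====" (the colon is optional).
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")
# Winsock catalog lines: "CatalogN idx <path> [size] (vendor)".
WINSOCK_RE = re.compile(
    r"^Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>[^)]*)\)$"
)
# The only hosts entries a default Windows XP install carries.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each section name to its non-blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().rstrip(":")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage(report: str) -> Dict[str, List[str]]:
    """Return the lines a helper would want a second look at, by category."""
    sections = split_sections(report)
    findings: Dict[str, List[str]] = {"proxy": [], "hosts": [], "winsock": []}

    # A proxy pointed at a host the user never configured reroutes all browsing,
    # so anything other than the known-clean "not enabled" wording is reported.
    proxy = sections.get("IE Proxy Settings", [])
    if not any("Proxy is not enabled" in line for line in proxy):
        findings["proxy"].extend(proxy)

    # Hosts-file additions are a classic way to redirect or block sites.
    for line in sections.get("Hosts content", []):
        if line.lstrip().startswith("#"):
            continue
        parts = line.split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in DEFAULT_HOSTS:
            findings["hosts"].append(line)

    # Third-party Winsock LSP/NSP DLLs sit in the network path of every
    # socket on the box; legitimate ones exist (Bonjour here), but each
    # should be recognised before the report is called clean.
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and m.group("vendor") != "Microsoft Corporation":
            findings["winsock"].append(f"{m.group('path')} ({m.group('vendor')})")
    return findings


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_REPORT).items():
        print(f"{category}: {lines or 'nothing flagged'}")
```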

#4 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Location:NJ USA

Posted 05 April 2012 - 06:18 PM

Hello. This doesn't appear to be malware. I have a few suggestions. If they do not solve it then ask in the External Hardware forum. Give your printer model and state that it's XP.

Clear Printer Memory
Clear the print spool
Clear all jobs from a print queue

Edited by boopme, 05 April 2012 - 06:18 PM.


#5 Fruit

  • Topic Starter

  • Members
  • 135 posts

Posted 06 April 2012 - 05:27 PM

HP 5600, I'll try your suggestions soon because I have another problem at hand right now.

This is quite unrelated to my printer problems but more serious. My printer seems to stop printing random things after the ESET scan so I'd appreciate it very much if you would help me with my new problem. Please tell me if I should open a new topic instead.


Today, I was surfing the web normally and my computer started to lag. It started as a small lag, then it became very slow. I found it strange because I had only 2 web browsers open and it would normally run fast.

So I opened Task Manager and saw my CPU usage reach 80%. I checked the Processes tab and found one of the svchost.exe - System processes taking up 400k-600k mem usage. I noticed this was abnormal so I ran Malwarebytes. In the middle of that, an AVG "Threat blocked" notice popped up and read this:

File name: carsfordin.com/index.php?showtopic=809846
Threat name: Exploit Blackhole Exploit Kit Detection (type 1889)
Process name: C:\WINDOWS\system32\svchost.exe
Process ID: 1224

After I closed the popup, my computer's mem usage seemed to calm down a lot.

My Malwarebytes log came out clean though, so I restarted my computer. After that, the svchost.exe once again took up a huge amount of mem usage.

Not sure of what to do now, thanks.

#6 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Location:NJ USA

Posted 06 April 2012 - 06:04 PM

Can I see the ESET log?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

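As an added example (not from the thread, from ESET, or from the helper), the following Python parses the ESET Online Scanner log.txt that boopme asks for here: each scan session is a block of `# key=value` header lines followed by one line per detection, as in the log posted later in this thread. It groups detections by where on disk they sat, because a hit in the Java deployment cache points at a drive-by through the browser's Java plug-in, which decides what to patch afterwards, and it checks that the header's found count matches the detection lines so an incompletely pasted log is noticed. The sample log is constructed from the entries posted in the thread; the detection-line layout is assumed from those entries.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: two sessions copied (abbreviated) from the
# C:\Program Files\EsetOnlineScanner\log.txt posted in this thread.
SAMPLE_LOG = r"""
# version=7
# OnlineScanner.ocx=1.0.0.6583
# local_time=2012-01-05 11:44:49 (-0500, Eastern Standard Time)
# scanned=167156
# found=4
# cleaned=4
# scan_time=8352
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7BE.tmp a variant of Win32/Kryptik.TFJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7C0.tmp a variant of Win32/Kryptik.TFJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-1f2a6a70 a variant of Java/Agent.DZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScanner.ocx=1.0.0.6583
# local_time=2012-03-30 10:22:38 (-0500, Eastern Daylight Time)
# scanned=187511
# found=1
# cleaned=1
# scan_time=8950
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-637fc92e a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

# Detection line: "<path> [a variant of] <family> <type> (<action>) <hash> <flag>".
# The path may contain spaces, so it is matched lazily from the left and the
# fixed tail (two threat tokens, parenthesised action, 32-hex hash) from the right.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:probably )?(?:a variant of )?\S+ \S+)"
    r"\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+\S+$"
)


def parse_sessions(log: str) -> List[Dict]:
    """Split the log into sessions; each "# version=" line starts a new one."""
    sessions: List[Dict] = []
    for line in log.splitlines():
        if line.startswith("# version="):
            sessions.append({"meta": {}, "detections": []})
        if not sessions:
            continue  # text before the first header is ignored
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            sessions[-1]["meta"][key] = value
        else:
            m = DETECTION_RE.match(line)
            if m:
                sessions[-1]["detections"].append(m.groupdict())
    return sessions


def classify_path(path: str) -> str:
    """Coarse location class; the Java cache is the browser drive-by tell."""
    p = path.lower()
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\local settings\\temp\\" in p:
        return "user-temp"
    if p.startswith("c:\\windows\\"):
        return "windows-dir"
    return "other"


def summarize(log: str) -> List[Dict]:
    """One summary record per session, with a consistency check on the counts."""
    out: List[Dict] = []
    for s in parse_sessions(log):
        found = int(s["meta"].get("found", 0))
        out.append({
            "time": s["meta"].get("local_time", "?"),
            "found": found,
            "cleaned": int(s["meta"].get("cleaned", 0)),
            # A mismatch means detection lines are missing from the paste.
            "consistent": found == len(s["detections"]),
            "locations": dict(Counter(classify_path(d["path"]) for d in s["detections"])),
        })
    return out


if __name__ == "__main__":
    for record in summarize(SAMPLE_LOG):
        print(record)
```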

#7 Fruit

  • Topic Starter

  • Members
  • 135 posts
  • Gender:Not Telling

Posted 06 April 2012 - 08:58 PM

That big svchost.exe mem usage thing starts up soon after I start up the system every time.

Here's the ESET log. I ran another one after the one I mentioned.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed4385f1d55fec4f8db895485fd7dc88
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 04:44:49
# local_time=2012-01-05 11:44:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 8498158 8498158 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=167156
# found=4
# cleaned=4
# scan_time=8352
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7BE.tmp a variant of Win32/Kryptik.TFJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7C0.tmp a variant of Win32/Kryptik.TFJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-1f2a6a70 a variant of Java/Agent.DZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed4385f1d55fec4f8db895485fd7dc88
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 10:53:18
# local_time=2012-01-06 05:53:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 8564952 8564952 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=168139
# found=0
# cleaned=0
# scan_time=6868
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed4385f1d55fec4f8db895485fd7dc88
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-31 02:22:38
# local_time=2012-03-30 10:22:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 15833028 15833028 0 0
# compatibility_mode=8192 67108863 100 0 6417306 6417306 0 0
# scanned=187511
# found=1
# cleaned=1
# scan_time=8950
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-637fc92e a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed4385f1d55fec4f8db895485fd7dc88
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-04 10:54:21
# local_time=2012-04-04 06:54:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 16254883 16254883 0 0
# compatibility_mode=8192 67108863 100 0 6839161 6839161 0 0
# scanned=189321
# found=0
# cleaned=0
# scan_time=6600
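
The ESET Online Scanner output above is several scan runs pasted back to back, each starting at a `# version=7` line, with the detections listed as free-form lines under the header. As an added example (not part of the original post and not an ESET tool), the parser below splits such a paste into runs, pulls each detection apart into path, threat name and action, buckets the path by location, and flags a run whose `# found=` counter does not match the detection lines actually present, which is what a truncated paste looks like. The sample log is constructed from shortened lines of the post; the third run deliberately omits its detection line.

```python
"""Parser for concatenated ESET Online Scanner logs (added example).

Format as seen in the post: a short installer preamble, then one or more runs.
A run starts at '# version=...', continues with '# key=value' header lines,
and ends with zero or more detection lines of the shape
  <path> <threat description> (<action>) <32 hex digits> <flag>
"""
import re
from dataclasses import dataclass, field

# Path is matched lazily; the threat description must contain a family name
# with a '/', which never occurs inside a Windows path, so the split is safe.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+/\S+(?: [A-Za-z]+)*) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<object_hash>[0-9a-fA-F]{32}) "   # 32 hex digits; all zeros in the post
    r"(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    object_hash: str
    flag: str


@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)   # '# key=value' headers
    detections: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)  # non-header lines we could not parse


def parse_eset_log(text: str) -> list:
    """Split a pasted log into ScanRun objects, one per '# version=' header."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if not sep:
                continue
            if key == "version" or current is None:
                current = ScanRun()
                runs.append(current)
            if key in current.meta:  # repeated keys (two compatibility_mode lines per run)
                prev = current.meta[key]
                current.meta[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                current.meta[key] = value
            continue
        if current is None:
            continue  # installer preamble before the first run
        m = DETECTION_RE.match(line)
        if m:
            current.detections.append(Detection(**m.groupdict()))
        else:
            current.unparsed.append(line)
    return runs


def location_class(path: str) -> str:
    """Coarse bucket for where a detection sat; a triage hint, not a verdict."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"   # browser-delivered Java content cached on disk
    if "\\local settings\\temp\\" in p or "\\temp\\" in p:
        return "temp"         # dropped or unpacked payloads commonly land here
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "other"


def summarize(runs: list) -> list:
    """One row per run: counters from the header plus a consistency check."""
    rows = []
    for run in runs:
        found = int(run.meta.get("found", "0"))
        rows.append({
            "utc_time": run.meta.get("utc_time", "?"),
            "scanned": int(run.meta.get("scanned", "0")),
            "found": found,
            "cleaned": int(run.meta.get("cleaned", "0")),
            "detections": [(location_class(d.path), d.threat, d.action) for d in run.detections],
            # False when the header claims more hits than lines present (truncated paste)
            "consistent": found == len(run.detections) and not run.unparsed,
        })
    return rows


# Constructed sample: shortened lines modeled on the log in the post.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# compatibility_mode=1024 16777175 100 0 8498158 8498158 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# utc_time=2012-01-06 04:44:49
# scanned=167156
# found=2
# cleaned=2
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7BE.tmp a variant of Win32/Kryptik.TFJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-1f2a6a70 a variant of Java/Agent.DZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# utc_time=2012-03-31 02:22:38
# scanned=187511
# found=1
# cleaned=1
# version=7
# utc_time=2012-04-04 10:54:21
# scanned=189321
# found=0
# cleaned=0
"""

if __name__ == "__main__":
    for row in summarize(parse_eset_log(SAMPLE_LOG)):
        print(row)
```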

#8 Fruit

Fruit
  • Topic Starter

  • Members
  • 135 posts
  • Gender:Not Telling

Posted 06 April 2012 - 09:18 PM

TDSSKiller (reboot was needed):

22:13:07.0671 1236 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:13:09.0687 1236 ============================================================
22:13:09.0687 1236 Current date / time: 2012/04/06 22:13:09.0687
22:13:09.0687 1236 SystemInfo:
22:13:09.0687 1236
22:13:09.0687 1236 OS Version: 5.1.2600 ServicePack: 3.0
22:13:09.0687 1236 Product type: Workstation
22:13:09.0687 1236 ComputerName: YOUR-55E5F9E3D2
22:13:09.0687 1236 UserName: HP_Administrator
22:13:09.0687 1236 Windows directory: C:\WINDOWS
22:13:09.0687 1236 System windows directory: C:\WINDOWS
22:13:09.0687 1236 Processor architecture: Intel x86
22:13:09.0687 1236 Number of processors: 2
22:13:09.0687 1236 Page size: 0x1000
22:13:09.0687 1236 Boot type: Normal boot
22:13:09.0687 1236 ============================================================
22:13:24.0093 1236 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:13:24.0687 1236 \Device\Harddisk0\DR0:
22:13:24.0796 1236 MBR used
22:13:24.0796 1236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1005231
22:13:24.0796 1236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1005270, BlocksNum 0x1C1BB450
22:13:25.0375 1236 Initialize success
22:13:25.0375 1236 ============================================================
22:14:03.0531 5280 ============================================================
22:14:03.0531 5280 Scan started
22:14:03.0531 5280 Mode: Manual; TDLFS;
22:14:03.0531 5280 ============================================================
22:14:07.0234 5280 Abiosdsk - ok
22:14:07.0296 5280 abp480n5 - ok
22:14:07.0500 5280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:14:07.0515 5280 ACPI - ok
22:14:07.0593 5280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:14:07.0656 5280 ACPIEC - ok
22:14:07.0750 5280 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:14:07.0843 5280 AdobeFlashPlayerUpdateSvc - ok
22:14:07.0875 5280 adpu160m - ok
22:14:07.0953 5280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:14:07.0953 5280 aec - ok
22:14:08.0031 5280 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:14:08.0062 5280 AFD - ok
22:14:08.0203 5280 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:14:08.0296 5280 AgereSoftModem - ok
22:14:08.0328 5280 Aha154x - ok
22:14:08.0375 5280 aic78u2 - ok
22:14:08.0421 5280 aic78xx - ok
22:14:08.0625 5280 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:14:08.0625 5280 Alerter - ok
22:14:08.0703 5280 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:14:08.0703 5280 ALG - ok
22:14:08.0718 5280 AliIde - ok
22:14:08.0750 5280 amsint - ok
22:14:08.0953 5280 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:14:08.0953 5280 Apple Mobile Device - ok
22:14:09.0015 5280 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:14:09.0031 5280 AppMgmt - ok
22:14:09.0156 5280 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:14:09.0156 5280 Arp1394 - ok
22:14:09.0250 5280 asc - ok
22:14:09.0265 5280 asc3350p - ok
22:14:09.0281 5280 asc3550 - ok
22:14:09.0421 5280 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
22:14:09.0531 5280 aspnet_state - ok
22:14:09.0656 5280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:14:09.0687 5280 AsyncMac - ok
22:14:09.0734 5280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:14:09.0765 5280 atapi - ok
22:14:09.0828 5280 Atdisk - ok
22:14:09.0843 5280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:14:09.0843 5280 Atmarpc - ok
22:14:09.0890 5280 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:14:09.0890 5280 AudioSrv - ok
22:14:09.0953 5280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:14:09.0968 5280 audstub - ok
22:14:10.0328 5280 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:14:10.0468 5280 AVGIDSAgent - ok
22:14:10.0781 5280 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:14:10.0968 5280 AVGIDSDriver - ok
22:14:11.0046 5280 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:14:11.0046 5280 AVGIDSEH - ok
22:14:11.0093 5280 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:14:11.0171 5280 AVGIDSFilter - ok
22:14:11.0250 5280 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:14:11.0265 5280 AVGIDSShim - ok
22:14:11.0328 5280 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:14:11.0359 5280 Avgldx86 - ok
22:14:11.0406 5280 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:14:11.0406 5280 Avgmfx86 - ok
22:14:11.0531 5280 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:14:11.0546 5280 Avgrkx86 - ok
22:14:11.0671 5280 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:14:11.0671 5280 Avgtdix - ok
22:14:11.0906 5280 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:14:11.0921 5280 avgwd - ok
22:14:12.0015 5280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:14:12.0046 5280 Beep - ok
22:14:12.0125 5280 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:14:12.0171 5280 BITS - ok
22:14:12.0312 5280 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:14:12.0328 5280 Bonjour Service - ok
22:14:12.0406 5280 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:14:12.0421 5280 Browser - ok
22:14:12.0500 5280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:14:12.0515 5280 cbidf2k - ok
22:14:12.0531 5280 cd20xrnt - ok
22:14:12.0609 5280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:14:12.0609 5280 Cdaudio - ok
22:14:12.0687 5280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:14:12.0734 5280 Cdfs - ok
22:14:12.0765 5280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:14:12.0781 5280 Cdrom - ok
22:14:12.0796 5280 Changer - ok
22:14:12.0859 5280 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:14:12.0859 5280 CiSvc - ok
22:14:12.0906 5280 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:14:12.0921 5280 ClipSrv - ok
22:14:12.0937 5280 CmdIde - ok
22:14:12.0968 5280 COMSysApp - ok
22:14:12.0984 5280 Cpqarray - ok
22:14:13.0031 5280 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:14:13.0031 5280 CryptSvc - ok
22:14:13.0046 5280 dac2w2k - ok
22:14:13.0078 5280 dac960nt - ok
22:14:13.0390 5280 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:14:13.0468 5280 DcomLaunch - ok
22:14:13.0625 5280 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:14:13.0640 5280 Dhcp - ok
22:14:13.0750 5280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:14:13.0750 5280 Disk - ok
22:14:13.0781 5280 dmadmin - ok
22:14:13.0843 5280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:14:14.0062 5280 dmboot - ok
22:14:14.0765 5280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:14:14.0843 5280 dmio - ok
22:14:15.0453 5280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:14:15.0468 5280 dmload - ok
22:14:15.0656 5280 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:14:15.0671 5280 dmserver - ok
22:14:15.0781 5280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:14:15.0796 5280 DMusic - ok
22:14:15.0843 5280 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:14:15.0843 5280 Dnscache - ok
22:14:15.0921 5280 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:14:15.0937 5280 Dot3svc - ok
22:14:16.0000 5280 dpti2o - ok
22:14:16.0078 5280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:14:16.0078 5280 drmkaud - ok
22:14:16.0109 5280 EagleXNt - ok
22:14:16.0140 5280 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:14:16.0140 5280 EapHost - ok
22:14:16.0203 5280 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:14:16.0203 5280 ERSvc - ok
22:14:16.0390 5280 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:14:16.0406 5280 Eventlog - ok
22:14:16.0515 5280 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:14:16.0531 5280 EventSystem - ok
22:14:16.0703 5280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:14:16.0718 5280 Fastfat - ok
22:14:16.0796 5280 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:14:16.0812 5280 fasttx2k - ok
22:14:16.0984 5280 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:14:17.0000 5280 FastUserSwitchingCompatibility - ok
22:14:17.0187 5280 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
22:14:17.0218 5280 Fax - ok
22:14:17.0359 5280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:14:17.0359 5280 Fdc - ok
22:14:17.0421 5280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:14:17.0437 5280 Fips - ok
22:14:17.0484 5280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:14:17.0484 5280 Flpydisk - ok
22:14:17.0546 5280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:14:17.0546 5280 FltMgr - ok
22:14:17.0640 5280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:14:17.0640 5280 Fs_Rec - ok
22:14:17.0671 5280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:14:17.0671 5280 Ftdisk - ok
22:14:17.0750 5280 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:14:17.0796 5280 GEARAspiWDM - ok
22:14:18.0062 5280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:14:18.0078 5280 Gpc - ok
22:14:18.0296 5280 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
22:14:18.0296 5280 HdAudAddService - ok
22:14:18.0406 5280 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:14:18.0406 5280 HDAudBus - ok
22:14:18.0484 5280 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:14:18.0484 5280 helpsvc - ok
22:14:18.0515 5280 HidServ - ok
22:14:18.0671 5280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:14:18.0671 5280 HidUsb - ok
22:14:19.0171 5280 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:14:19.0234 5280 hkmsvc - ok
22:14:19.0437 5280 hpn - ok
22:14:19.0937 5280 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:14:19.0968 5280 HPZid412 - ok
22:14:20.0312 5280 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:14:20.0328 5280 HPZipr12 - ok
22:14:20.0515 5280 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:14:20.0546 5280 HPZius12 - ok
22:14:20.0734 5280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:14:20.0843 5280 HTTP - ok
22:14:21.0031 5280 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:14:21.0046 5280 HTTPFilter - ok
22:14:21.0156 5280 i2omgmt - ok
22:14:21.0484 5280 i2omp - ok
22:14:21.0718 5280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:14:21.0718 5280 i8042prt - ok
22:14:22.0625 5280 ialm (7c7560001937dd47fe933de2181227f2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:14:22.0906 5280 ialm - ok
22:14:23.0171 5280 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:14:23.0250 5280 IDriverT - ok
22:14:23.0484 5280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:14:23.0500 5280 Imapi - ok
22:14:23.0750 5280 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:14:23.0750 5280 ImapiService - ok
22:14:24.0593 5280 ini910u - ok
22:14:26.0546 5280 IntcAzAudAddService (44792ccbc7b41b42ec068c6416d17de1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:14:28.0765 5280 IntcAzAudAddService - ok
22:14:30.0171 5280 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:14:30.0203 5280 IntelIde - ok
22:14:30.0453 5280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:14:30.0453 5280 intelppm - ok
22:14:31.0578 5280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:14:31.0609 5280 Ip6Fw - ok
22:14:33.0546 5280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:14:33.0546 5280 IpFilterDriver - ok
22:14:35.0156 5280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:14:35.0218 5280 IpInIp - ok
22:14:38.0171 5280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:14:40.0343 5280 IpNat - ok
22:14:43.0328 5280 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
22:14:44.0296 5280 iPod Service - ok
22:14:45.0203 5280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:14:45.0312 5280 IPSec - ok
22:14:46.0312 5280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:14:46.0312 5280 IRENUM - ok
22:14:47.0062 5280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:14:47.0140 5280 isapnp - ok
22:14:52.0453 5280 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
22:14:52.0484 5280 JavaQuickStarterService - ok
22:14:52.0812 5280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:14:52.0812 5280 Kbdclass - ok
22:14:52.0968 5280 KeyScrambler (1223a8b567ffdb4b8bb5f59e5f033fdb) C:\WINDOWS\system32\drivers\keyscrambler.sys
22:14:53.0000 5280 KeyScrambler - ok
22:14:53.0140 5280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:14:53.0171 5280 kmixer - ok
22:14:53.0406 5280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:14:53.0531 5280 KSecDD - ok
22:14:53.0906 5280 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:14:53.0906 5280 lanmanserver - ok
22:14:54.0359 5280 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:14:54.0375 5280 lanmanworkstation - ok
22:14:54.0546 5280 lbrtfdc - ok
22:14:54.0687 5280 LightScribeService (9bd7add61b031307dd075e5e6a917c4d) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:14:54.0703 5280 LightScribeService - ok
22:14:55.0437 5280 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:14:55.0453 5280 LmHosts - ok
22:14:55.0687 5280 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:14:55.0734 5280 MDM - ok
22:14:58.0015 5280 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:14:58.0031 5280 Messenger - ok
22:14:58.0328 5280 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
22:14:58.0328 5280 MHN - ok
22:14:58.0578 5280 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:14:58.0640 5280 MHNDRV - ok
22:14:58.0906 5280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:14:58.0937 5280 mnmdd - ok
22:15:00.0250 5280 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:15:00.0265 5280 mnmsrvc - ok
22:15:00.0656 5280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:15:00.0703 5280 Modem - ok
22:15:01.0593 5280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:15:01.0593 5280 Mouclass - ok
22:15:01.0843 5280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:15:01.0859 5280 mouhid - ok
22:15:02.0250 5280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:15:02.0265 5280 MountMgr - ok
22:15:02.0453 5280 mraid35x - ok
22:15:02.0656 5280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:15:02.0671 5280 MRxDAV - ok
22:15:02.0875 5280 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:15:03.0078 5280 MRxSmb - ok
22:15:03.0625 5280 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:15:03.0625 5280 MSDTC - ok
22:15:03.0796 5280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:15:03.0796 5280 Msfs - ok
22:15:03.0921 5280 MSIServer - ok
22:15:04.0062 5280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:15:04.0078 5280 MSKSSRV - ok
22:15:04.0578 5280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:15:04.0578 5280 MSPCLOCK - ok
22:15:04.0828 5280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:15:04.0843 5280 MSPQM - ok
22:15:05.0000 5280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:15:05.0000 5280 mssmbios - ok
22:15:05.0062 5280 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:15:05.0187 5280 Mup - ok
22:15:05.0703 5280 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:15:05.0718 5280 napagent - ok
22:15:06.0812 5280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:15:06.0812 5280 NDIS - ok
22:15:07.0375 5280 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:15:07.0390 5280 NdisTapi - ok
22:15:08.0000 5280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:15:08.0140 5280 Ndisuio - ok
22:15:09.0453 5280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:15:09.0500 5280 NdisWan - ok
22:15:10.0015 5280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:15:11.0843 5280 NDProxy - ok
22:15:12.0718 5280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:15:12.0734 5280 NetBIOS - ok
22:15:13.0109 5280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:15:13.0156 5280 NetBT - ok
22:15:13.0500 5280 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:15:13.0515 5280 NetDDE - ok
22:15:13.0515 5280 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:15:13.0531 5280 NetDDEdsdm - ok
22:15:13.0718 5280 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:15:13.0734 5280 Netlogon - ok
22:15:13.0890 5280 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:15:13.0937 5280 Netman - ok
22:15:14.0140 5280 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:15:14.0140 5280 NIC1394 - ok
22:15:14.0203 5280 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:15:14.0218 5280 Nla - ok
22:15:14.0390 5280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:15:14.0437 5280 Npfs - ok
22:15:14.0937 5280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:15:15.0546 5280 Ntfs - ok
22:15:15.0812 5280 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:15:15.0828 5280 NtLmSsp - ok
22:15:16.0375 5280 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:15:16.0437 5280 NtmsSvc - ok
22:15:16.0937 5280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:15:16.0953 5280 Null - ok
22:15:18.0140 5280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:15:18.0406 5280 NwlnkFlt - ok
22:15:19.0390 5280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:15:19.0390 5280 NwlnkFwd - ok
22:15:19.0500 5280 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:15:19.0515 5280 ohci1394 - ok
22:15:19.0656 5280 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:15:19.0671 5280 ose - ok
22:15:19.0796 5280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:15:19.0796 5280 Parport - ok
22:15:19.0828 5280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:15:19.0828 5280 PartMgr - ok
22:15:19.0906 5280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:15:19.0906 5280 ParVdm - ok
22:15:19.0953 5280 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
22:15:19.0968 5280 PcdrNdisuio - ok
22:15:19.0984 5280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:15:19.0984 5280 PCI - ok
22:15:20.0015 5280 PCIDump - ok
22:15:20.0109 5280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:15:20.0109 5280 PCIIde - ok
22:15:20.0156 5280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:15:20.0156 5280 Pcmcia - ok
22:15:20.0187 5280 PDCOMP - ok
22:15:20.0203 5280 PDFRAME - ok
22:15:20.0218 5280 PDRELI - ok
22:15:20.0250 5280 PDRFRAME - ok
22:15:20.0265 5280 perc2 - ok
22:15:20.0296 5280 perc2hib - ok
22:15:20.0359 5280 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:15:20.0375 5280 PlugPlay - ok
22:15:20.0437 5280 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
22:15:20.0500 5280 Pml Driver HPZ12 - ok
22:15:20.0546 5280 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:15:20.0546 5280 PolicyAgent - ok
22:15:20.0593 5280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:15:20.0593 5280 PptpMiniport - ok
22:15:20.0609 5280 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:15:20.0609 5280 ProtectedStorage - ok
22:15:20.0671 5280 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
22:15:20.0703 5280 Ps2 - ok
22:15:20.0750 5280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:15:20.0750 5280 PSched - ok
22:15:20.0796 5280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:15:20.0796 5280 Ptilink - ok
22:15:20.0843 5280 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:15:20.0843 5280 PxHelp20 - ok
22:15:20.0875 5280 ql1080 - ok
22:15:20.0906 5280 Ql10wnt - ok
22:15:20.0953 5280 ql12160 - ok
22:15:20.0968 5280 ql1240 - ok
22:15:20.0984 5280 ql1280 - ok
22:15:21.0031 5280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:15:21.0031 5280 RasAcd - ok
22:15:21.0109 5280 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:15:21.0109 5280 RasAuto - ok
22:15:21.0187 5280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:15:21.0218 5280 Rasl2tp - ok
22:15:21.0281 5280 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:15:21.0281 5280 RasMan - ok
22:15:21.0453 5280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:15:21.0468 5280 RasPppoe - ok
22:15:21.0578 5280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:15:21.0593 5280 Raspti - ok
22:15:21.0640 5280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:15:21.0687 5280 Rdbss - ok
22:15:21.0750 5280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:15:21.0750 5280 RDPCDD - ok
22:15:21.0796 5280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:15:21.0796 5280 rdpdr - ok
22:15:21.0875 5280 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:15:21.0890 5280 RDPWD - ok
22:15:22.0203 5280 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:15:22.0218 5280 RDSessMgr - ok
22:15:22.0281 5280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:15:22.0296 5280 redbook - ok
22:15:22.0359 5280 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:15:22.0375 5280 RemoteAccess - ok
22:15:22.0437 5280 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:15:22.0453 5280 RemoteRegistry - ok
22:15:22.0515 5280 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:15:22.0531 5280 RpcLocator - ok
22:15:22.0609 5280 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:15:22.0625 5280 RpcSs - ok
22:15:22.0703 5280 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:15:22.0734 5280 RSVP - ok
22:15:22.0843 5280 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
22:15:22.0843 5280 RTL8023xp - ok
22:15:22.0875 5280 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:15:22.0890 5280 rtl8139 - ok
22:15:22.0937 5280 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:15:22.0937 5280 SamSs - ok
22:15:23.0531 5280 SASDIFSV (39763504067962108505bff25f024345) C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
22:15:23.0562 5280 SASDIFSV - ok
22:15:23.0640 5280 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
22:15:23.0656 5280 SASKUTIL - ok
22:15:23.0843 5280 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:15:23.0859 5280 SCardSvr - ok
22:15:23.0937 5280 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:15:42.0828 5280 MBR (0x1B8) (f11278f48fcd5bcd817ce7d82d98cf15) \Device\Harddisk0\DR0
22:15:42.0843 5280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:15:42.0843 5280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:15:42.0875 5280 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:15:42.0875 5280 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:15:42.0937 5280 Boot (0x1200) (52bc3291965972e8a28c49ac35e03ba9) \Device\Harddisk0\DR0\Partition0
22:15:42.0937 5280 \Device\Harddisk0\DR0\Partition0 - ok
22:15:42.0953 5280 Boot (0x1200) (8a3a8eb0f69cf9ff44c33169dd111625) \Device\Harddisk0\DR0\Partition1
22:15:42.0968 5280 \Device\Harddisk0\DR0\Partition1 - ok
22:15:42.0968 5280 ============================================================
22:15:42.0968 5280 Scan finished
22:15:42.0968 5280 ============================================================
22:15:43.0015 5424 Detected object count: 2
22:15:43.0015 5424 Actual detected object count: 2
22:16:40.0875 5424 \Device\Harddisk0\DR0\# - copied to quarantine
22:16:40.0875 5424 \Device\Harddisk0\DR0 - copied to quarantine
22:16:41.0468 5424 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:16:42.0687 5424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:16:43.0625 5424 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:16:43.0921 5424 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:16:43.0968 5424 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:16:43.0968 5424 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:16:44.0000 5424 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:16:44.0000 5424 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:16:44.0000 5424 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:16:44.0015 5424 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:16:44.0015 5424 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:16:44.0062 5424 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:16:44.0109 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:16:44.0109 5424 \Device\Harddisk0\DR0 - ok
22:16:44.0218 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:16:44.0218 5424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:16:44.0218 5424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#9 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 April 2012 - 09:30 PM

OK, that was a real good removal between ESET and TDSS. Let's do these and hope we got it all.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 Fruit
  • Topic Starter
  • Members
  • 135 posts
  • Gender:Not Telling

Posted 06 April 2012 - 09:40 PM

My computer is running way faster for now. :)

I'll run the scans first thing in the morning.

#11 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 April 2012 - 09:50 PM

Cool.. I'll look back.

#12 Fruit
  • Topic Starter
  • Members
  • 135 posts
  • Gender:Not Telling

Posted 07 April 2012 - 11:35 AM

When I first turned on my computer today, svchost.exe goes up to 300K and then drops to 30k-50k and stays there; the same goes for wuauclt.exe. Not sure if this is normal, but it doesn't seem to happen again after a few more reboots. svchost stays around 22k.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2012 at 12:12 PM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type : Complete Scan
Total Scan Time : 01:56:15

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 35110
Registry threats detected : 0
File items scanned : 59196
File threats detected : 201

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NTBPLPCN.txt [ Cookie:system@www.crackle.com/shows/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\A71240AQ.txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SM9S012Q.txt [ Cookie:system@perfind.net/ ]

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-55E5F9E3D2 [administrator]

4/7/2012 12:39:44 PM
mbam-log-2012-04-07 (12-39-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230952
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Fruit, 07 April 2012 - 11:56 AM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 07 April 2012 - 04:42 PM

Please run these to see if there are other rootkits.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


This one is a bit longer

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Fruit

Fruit
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:29 AM

Posted 07 April 2012 - 05:10 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 17:49:56
-----------------------------
17:49:56.843 OS Version: Windows 5.1.2600 Service Pack 3
17:49:56.843 Number of processors: 2 586 0x403
17:49:56.843 ComputerName: YOUR-55E5F9E3D2 UserName:
17:49:59.234 Initialize success
17:57:47.859 AVAST engine defs: 12040701
17:58:24.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:58:24.437 Disk 0 Vendor: WDC_WD2500JD-22HBC0 08.02D08 Size: 238475MB BusType: 3
17:58:24.453 Disk 0 MBR read successfully
17:58:24.453 Disk 0 MBR scan
17:58:24.500 Disk 0 unknown MBR code
17:58:24.515 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8202 MB offset 63
17:58:24.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230262 MB offset 16798320
17:58:24.531 Disk 0 scanning sectors +488376000
17:58:24.625 Disk 0 scanning C:\WINDOWS\system32\drivers
17:58:35.765 Service scanning
17:58:50.515 Modules scanning
17:58:55.703 Disk 0 trace - called modules:
17:58:55.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
17:58:55.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4bab8]
17:58:55.734 3 CLASSPNP.SYS[f7548fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d53b00]
17:58:56.265 AVAST engine scan C:\WINDOWS
17:59:23.375 AVAST engine scan C:\WINDOWS\system32
18:02:43.546 AVAST engine scan C:\WINDOWS\system32\drivers
18:03:03.156 AVAST engine scan C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
18:07:21.796 AVAST engine scan C:\Documents and Settings\All Users
18:08:37.328 Scan finished successfully
18:09:20.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBR.dat"
18:09:20.890 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\aswMBR.txt"
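
The aswMBR log above reads the raw MBR, flags its boot code as unknown, and lists the partition table (type byte, active flag, size and LBA offset). What follows is an added example, not code from the poster, from aswMBR or from AVAST, showing how a practitioner can parse and sanity-check such a 512-byte sector in Python, for instance the MBR.dat that the log says was saved to the desktop. The sample sector is constructed here to mirror the two partitions in the log; its bootstrap bytes, the known-good hash baseline passed to `check_mbr`, and the helper names are all assumptions. aswMBR's own "unknown MBR code" verdict comes from its internal signature set, which this example does not reproduce; instead the caller supplies a baseline hash taken from a machine known to be clean.

```python
"""Parse and sanity-check a raw 512-byte MBR sector (e.g. aswMBR's MBR.dat).
Added example; the sample sector below is constructed, not the poster's disk."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440        # bootstrap code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446       # four 16-byte partition entries
ENTRY_LEN = 16
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

TYPE_NAMES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(mbr: bytes) -> dict:
    """Return the bootstrap-code hash and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for n in range(4):
        off = PART_TABLE_OFF + n * ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        parts.append({
            "index": n + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {"bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest(),
            "partitions": parts}


def check_mbr(mbr: bytes, disk_sectors: int, known_bootstrap: frozenset = frozenset()) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if known_bootstrap and info["bootstrap_sha256"] not in known_bootstrap:
        findings.append("bootstrap code hash not in supplied baseline")
    parts = info["partitions"]
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition on a boot disk")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def format_like_aswmbr(mbr: bytes) -> list:
    """Render entries in the same shape as the 'Disk 0 Partition N ...' log lines."""
    lines = []
    for p in parse_mbr(mbr)["partitions"]:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Partition {p['index']} {p['status']:02X} {flag} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample (not the poster's MBR.dat) mirroring the log:
    FAT32 recovery partition at LBA 63, active NTFS partition at LBA 16798320."""
    mbr = bytearray(SECTOR)
    mbr[:3] = b"\xfa\x33\xc0"                          # placeholder bootstrap bytes (assumption)
    entries = [(0x00, 0x0C, 63, 16798257), (0x80, 0x07, 16798320, 471576576)]
    for n, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + n * ENTRY_LEN
        mbr[off:off + ENTRY_LEN] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


DISK_SECTORS = 238475 * 1024 * 1024 // SECTOR          # 238475 MB disk, as in the log

if __name__ == "__main__":
    sample = build_sample_mbr()
    for line in format_like_aswmbr(sample):
        print(line)
    print("findings:", check_mbr(sample, DISK_SECTORS))
```

To run it against a real dump, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()` and pass the disk's true sector count; a bootstrap hash that differs from the one you recorded on a known-clean machine, a second active entry, or a partition that overlaps another or runs past the end of the disk are the things a bootkit or a corrupted table would show up as.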

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 07 April 2012 - 06:22 PM

GMER still running?
