

Internet Explorer Eats Up >1GB Memory


5 replies to this topic

#1 YoungBarrels


  • Members
  • 44 posts

Posted 02 July 2012 - 07:24 AM

A single IE page open will start by using about 100K, but grows indefinitely with time. I have seen a single instance use up to 1.5 GB. I'm not sure if I have a virus or if I just need to adjust my IE settings or something. My processor is weak, but I really don't think it should be this slow.

Sometimes when I close all of my IE pages down the windows will close but they will still be using up memory in my task manager. I have to "end process" from there.

Also, I don't know if it is related but I have recently been getting pop-ups on almost every page telling me that there is a coupon for whatever page I'm on.

I have tried to scan for viruses/spyware/malware, but nothing showed up. I scanned with the following:
AVG Free
Spybot Search & Destroy
Malwarebytes Antimalware

Any help on this topic would be much appreciated.

XP Sp3
AMD Athlon 64 X2 Dual Core 3800+
3GB RAM

Edited by hamluis, 02 July 2012 - 06:53 PM.
Moved from XP to Am I Infected - Hamluis.




#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts

Posted 02 July 2012 - 07:04 PM

Hello YoungBarrels and welcome.

Let's look at some other things.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


NEXT>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Another type of Rootkit look.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

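As an added illustration (not part of boopme's post, and not code from TDSSKiller or BleepingComputer), the Python below reads a TDSSKiller log and separates the objects that scanned clean from the ones that produced a warning or detection, so the log requested above can be triaged before any action is chosen. The line layout it assumes is modelled on the log posted later in this thread, and the sample lines are copied from that log.

```python
"""Triage a TDSSKiller log: separate objects that scanned clean from those that
produced a warning or detection.

Added example for this thread, not code from BleepingComputer or from
TDSSKiller itself.  The line layout below is an assumption modelled on the log
posted later in this thread; run it against the real TDSSKiller.*_log.txt to check.
"""
import re
from collections import Counter

# Every log line starts with "HH:MM:SS.mmmm <thread id> " followed by the message.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<object> (<md5>) <path>" -- the file backing a driver or service
OBJECT_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - ok"
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
# "<object> ( <verdict> ) - warning"
WARNING_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")
# "<object> - detected <verdict> (<count>)"
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")


def parse_tdsskiller(text):
    """Return (verdicts, suspicious).

    verdicts maps object name -> {"status", "verdict", "path", "md5"} (keys present
    when the log supplied them); suspicious lists the "Suspicious file" records.
    A later verdict line for the same object overrides an earlier one, so an
    object first flagged "warning" and then "detected" ends as "detected".
    """
    verdicts, suspicious = {}, []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, separator and blank lines carry no verdict
        rest = line.group("rest")
        m = OBJECT_RE.match(rest)
        if m:
            verdicts.setdefault(m["name"], {}).update(path=m["path"], md5=m["md5"])
            continue
        m = OK_RE.match(rest)
        if m:
            verdicts.setdefault(m["name"], {})["status"] = "ok"
            continue
        m = WARNING_RE.match(rest) or DETECTED_RE.match(rest)
        if m:
            status = "warning" if " - warning" in rest else "detected"
            verdicts.setdefault(m["name"], {}).update(status=status, verdict=m["verdict"])
            continue
        m = SUSPICIOUS_RE.match(rest)
        if m:
            suspicious.append({"reason": m["reason"], "path": m["path"], "md5": m["md5"]})
    return verdicts, suspicious


def summarize(text):
    """Counts per status plus the objects that need a human decision.

    TDSSKiller only auto-selects an action for objects it calls malicious; for
    suspicious ones the default is Skip, so everything in "flagged" is what the
    person reading the log has to verify (vendor, path, hash) before acting.
    """
    verdicts, suspicious = parse_tdsskiller(text)
    counts = Counter(v.get("status", "unknown") for v in verdicts.values())
    flagged = sorted(n for n, v in verdicts.items() if v.get("status") != "ok")
    return {"counts": dict(counts), "flagged": flagged,
            "suspicious": suspicious, "verdicts": verdicts}


# Sample lines copied from the TDSSKiller log posted in this thread (shortened).
SAMPLE_LOG = r"""
06:26:31.0562 3256 ============================================================
06:26:31.0562 3256 Scan started
06:26:31.0562 3256 Mode: Manual; TDLFS;
06:26:31.0828 3256 Abiosdsk - ok
06:26:31.0859 3256 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:26:31.0859 3256 ACPI - ok
06:26:32.0296 3256 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
06:26:32.0296 3256 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
06:26:32.0312 3256 Akamai ( HiddenFile.Multi.Generic ) - warning
06:26:32.0312 3256 Akamai - detected HiddenFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("status counts:", report["counts"])
    for name in report["flagged"]:
        v = report["verdicts"][name]
        print(f"{name}: {v['status']} {v.get('verdict', '')} {v.get('path', '')}")
    for s in report["suspicious"]:
        print(f"suspicious ({s['reason']}): {s['path']} md5={s['md5']}")
```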

#3 YoungBarrels

  • Topic Starter

  • Members
  • 44 posts

Posted 03 July 2012 - 07:01 PM

Hello! Thank you for helping me out with this issue. I have been getting very frustrated with it. I'll try to follow your directions the best I can.




MiniToolBox by Farbar Version: 25-06-2012
Ran by HP_Administrator (administrator) on 03-07-2012 at 06:15:47
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

There are 15261 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Jake
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.in.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.in.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-18-F3-6E-A4-06
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, July 03, 2012 6:00:35 AM
Lease Expires . . . . . . . . . . : Tuesday, July 10, 2012 6:00:35 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.131, 74.125.225.133, 74.125.225.128, 74.125.225.137
74.125.225.129, 74.125.225.132, 74.125.225.136, 74.125.225.130, 74.125.225.134
74.125.225.135, 74.125.225.142

Pinging google.com [74.125.225.142] with 32 bytes of data:

Reply from 74.125.225.142: bytes=32 time=10ms TTL=55
Reply from 74.125.225.142: bytes=32 time=10ms TTL=55

Ping statistics for 74.125.225.142:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 10ms, Average = 10ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=46ms TTL=51
Reply from 98.139.183.24: bytes=32 time=139ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 139ms, Average = 92ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 6e a4 06 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2012 06:08:15 AM) (Source: Application Error) (User: )
Description: Faulting application installflashplayer.exe, version 11.3.300.257, faulting module unknown, version 0.0.0.0, fault address 0x10012200.
Processing media-specific event for [installflashplayer.exe!ws!]

Error: (06/14/2012 03:35:43 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/18/2012 08:18:29 AM) (Source: MsiInstaller) (User: JAKE)JAKE
Description: Product: HP Product Detection -- Error 1905.Module C:\Program Files\HP\Common\HPDeviceDetection.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (05/08/2012 07:35:28 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/05/2012 04:33:01 AM) (Source: Application Error) (User: )
Description: Faulting application hoi3game.exe, version 0.0.0.0, faulting module hoi3game.exe, version 0.0.0.0, fault address 0x003cacc5.
Processing media-specific event for [hoi3game.exe!ws!]

Error: (05/05/2012 04:13:49 AM) (Source: Application Error) (User: )
Description: Faulting application hoi3game.exe, version 0.0.0.0, faulting module hoi3game.exe, version 0.0.0.0, fault address 0x003cacd2.
Processing media-specific event for [hoi3game.exe!ws!]

Error: (05/05/2012 04:12:20 AM) (Source: Application Error) (User: )
Description: Faulting application hoi3game.exe, version 0.0.0.0, faulting module hoi3game.exe, version 0.0.0.0, fault address 0x005ae694.
Processing media-specific event for [hoi3game.exe!ws!]

Error: (04/20/2012 07:16:14 AM) (Source: Application Error) (User: )
Description: Faulting application installflashplayer.exe, version 11.2.202.233, faulting module unknown, version 0.0.0.0, fault address 0x10010efc.
Processing media-specific event for [installflashplayer.exe!ws!]

Error: (04/13/2012 10:37:33 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

Error: (04/13/2012 10:35:31 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (07/03/2012 06:01:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (07/03/2012 06:01:28 AM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (07/02/2012 10:34:56 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.

Error: (07/02/2012 03:55:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (07/02/2012 03:55:42 PM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (07/02/2012 06:01:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (07/02/2012 06:01:12 AM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (07/01/2012 09:23:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (07/01/2012 09:23:47 AM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (07/01/2012 09:22:55 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.101 for the Network Card with network address 0018F36EA406 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (06/23/2012 06:08:15 AM) (Source: Application Error)(User: )
Description: installflashplayer.exe11.3.300.257unknown0.0.0.010012200

Error: (06/14/2012 03:35:43 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/18/2012 08:18:29 AM) (Source: MsiInstaller)(User: JAKE)JAKE
Description: Product: HP Product Detection -- Error 1905.Module C:\Program Files\HP\Common\HPDeviceDetection.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.(NULL)(NULL)(NULL)

Error: (05/08/2012 07:35:28 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (05/05/2012 04:33:01 AM) (Source: Application Error)(User: )
Description: hoi3game.exe0.0.0.0hoi3game.exe0.0.0.0003cacc5

Error: (05/05/2012 04:13:49 AM) (Source: Application Error)(User: )
Description: hoi3game.exe0.0.0.0hoi3game.exe0.0.0.0003cacd2

Error: (05/05/2012 04:12:20 AM) (Source: Application Error)(User: )
Description: hoi3game.exe0.0.0.0hoi3game.exe0.0.0.0005ae694

Error: (04/20/2012 07:16:14 AM) (Source: Application Error)(User: )
Description: installflashplayer.exe11.2.202.233unknown0.0.0.010010efc

Error: (04/13/2012 10:37:33 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/13/2012 10:35:31 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


=========================== Installed Programs ============================

µTorrent (Version: 1.8.3)
7-Zip 4.57
Adobe AIR (Version: 3.1.0.4880)
Adobe Audition CS5.5 (Version: 4.0)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.3)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11 (Version: 11)
AGEIA PhysX v6.10.25 (Version: 6.10.25)
Akamai NetSession Interface
ArcSoft PhotoImpression 6 (Version: 6)
ArcSoft Software Suite
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2178)
AVG PC Tuneup 2011
CCleaner (Version: 3.12)
CheckIt Diagnostics (Version: 7.1)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D1300_Help (Version: 70.0.185.000)
Data Fax SoftModem with SmartCP
Destinations (Version: 70.0.170.000)
Doomsday
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
Europa Universalis III
ffdshow [rev 2867] [2009-04-07] (Version: 1.0)
Google Update Helper (Version: 1.3.21.111)
Hearts of Iron III
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Boot Optimizer (Version: 3.0.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
HP Web Helper
hph_readme (Version: 70.0.185.000)
hph_software_req (Version: 70.0.185.000)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
Intel A/V Codecs V2.0
Internet Explorer (Enable DEP)
IsoBuster 2.0 (Version: 2.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
LightScribe 1.4.105.1 (Version: 1.4.105.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Monopoly by Parker Brothers (Version: 1.0.406.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
muvee autoProducer 5.0 (Version: 5.00.050)
muvee autoProducer unPlugged 2.0 (Version: 2.0.0)
Nero 7 Ultra Edition (Version: 7.02.4712)
Nimo Codecs Pack v4.33 (Remove Only)
NVIDIA Drivers
PowerISO
Project64 1.6 (Version: 1.6)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
QuickTime
Realtek High Definition Audio Driver
Rise of Nations (Version: 1.0)
ScummVM 1.4.1
Sid Meier's Civilization 4 (Version: 1.00.0000)
Sid Meier's Civilization 4 (Version: 1.74)
SolutionCenter (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
SpywareGuard v2.2 (Version: 2.2)
Status (Version: 70.0.170.000)
The Game Of Life
The Weather Channel App
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Updates from HP (remove only)
VivTV
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Westwood Shared Internet Components
Winamp (remove only)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Xbox 360 Controller for Windows
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 3.3

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3006.48 MB
Available physical RAM: 2287.34 MB
Total Pagefile: 4286.11 MB
Available Pagefile: 3572.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.04 GB) (Free:121.32 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.82 GB) (Free:0.59 GB) FAT32

========================= Users: ========================================

User accounts for \\JAKE

Administrator ASPNET Guest
HelpAssistant HP_Administrator SUPPORT_388945a0
SUPPORT_fddfa904


**** End of log ****



06:26:15.0062 1584 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
06:26:15.0312 1584 ============================================================
06:26:15.0312 1584 Current date / time: 2012/07/03 06:26:15.0312
06:26:15.0312 1584 SystemInfo:
06:26:15.0312 1584
06:26:15.0312 1584 OS Version: 5.1.2600 ServicePack: 3.0
06:26:15.0312 1584 Product type: Workstation
06:26:15.0312 1584 ComputerName: JAKE
06:26:15.0312 1584 UserName: HP_Administrator
06:26:15.0312 1584 Windows directory: C:\WINDOWS
06:26:15.0312 1584 System windows directory: C:\WINDOWS
06:26:15.0312 1584 Processor architecture: Intel x86
06:26:15.0312 1584 Number of processors: 2
06:26:15.0312 1584 Page size: 0x1000
06:26:15.0312 1584 Boot type: Normal boot
06:26:15.0312 1584 ============================================================
06:26:16.0875 1584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:26:16.0937 1584 ============================================================
06:26:16.0937 1584 \Device\Harddisk0\DR0:
06:26:16.0937 1584 MBR partitions:
06:26:16.0937 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C01247F
06:26:16.0937 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C01637F, BlocksNum 0x11AE202
06:26:16.0937 1584 ============================================================
06:26:17.0015 1584 C: <-> \Device\Harddisk0\DR0\Partition0
06:26:17.0031 1584 D: <-> \Device\Harddisk0\DR0\Partition1
06:26:17.0031 1584 ============================================================
06:26:17.0031 1584 Initialize success
06:26:17.0031 1584 ============================================================
06:26:31.0562 3256 ============================================================
06:26:31.0562 3256 Scan started
06:26:31.0562 3256 Mode: Manual; TDLFS;
06:26:31.0562 3256 ============================================================
06:26:32.0296 3256 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
06:26:32.0296 3256 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
06:26:32.0312 3256 Akamai ( HiddenFile.Multi.Generic ) - warning
06:26:32.0312 3256 Akamai - detected HiddenFile.Multi.Generic (1)
06:26:34.0328 3256 Avgtdix - ok
06:26:34.0421 3256 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
06:26:34.0421 3256 avgwd - ok
06:26:34.0468 3256 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
06:26:34.0484 3256 BCMNTIO - ok
06:26:34.0515 3256 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:26:34.0515 3256 Beep - ok
06:26:34.0562 3256 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
06:26:34.0796 3256 BITS - ok
06:26:34.0828 3256 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
06:26:34.0828 3256 Browser - ok
06:26:34.0859 3256 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:26:34.0859 3256 cbidf2k - ok
06:26:34.0875 3256 cd20xrnt - ok
06:26:34.0906 3256 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:26:34.0906 3256 Cdaudio - ok
06:26:34.0937 3256 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:26:34.0937 3256 Cdfs - ok
06:26:34.0953 3256 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:26:34.0953 3256 Cdrom - ok
06:26:34.0953 3256 Changer - ok
06:26:34.0984 3256 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
06:26:34.0984 3256 CiSvc - ok
06:26:35.0015 3256 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
06:26:35.0015 3256 ClipSrv - ok
06:26:35.0093 3256 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:26:35.0125 3256 clr_optimization_v2.0.50727_32 - ok
06:26:35.0171 3256 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:26:35.0218 3256 clr_optimization_v4.0.30319_32 - ok
06:26:35.0218 3256 CmdIde - ok
06:26:35.0218 3256 COMSysApp - ok
06:26:35.0234 3256 Cpqarray - ok
06:26:35.0265 3256 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
06:26:35.0265 3256 CryptSvc - ok
06:26:35.0296 3256 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
06:26:35.0296 3256 ctxusbm - ok
06:26:35.0296 3256 dac2w2k - ok
06:26:35.0312 3256 dac960nt - ok
06:26:35.0343 3256 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
06:26:35.0359 3256 DcomLaunch - ok
06:26:35.0390 3256 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
06:26:35.0390 3256 Dhcp - ok
06:26:35.0421 3256 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:26:35.0421 3256 Disk - ok
06:26:35.0437 3256 dmadmin - ok
06:26:35.0484 3256 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:26:35.0500 3256 dmboot - ok
06:26:35.0500 3256 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:26:35.0515 3256 dmio - ok
06:26:35.0531 3256 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:26:35.0531 3256 dmload - ok
06:26:35.0562 3256 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
06:26:35.0562 3256 dmserver - ok
06:26:35.0578 3256 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:26:35.0593 3256 DMusic - ok
06:26:35.0609 3256 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
06:26:35.0609 3256 Dnscache - ok
06:26:35.0656 3256 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
06:26:35.0656 3256 Dot3svc - ok
06:26:35.0656 3256 dpti2o - ok
06:26:35.0671 3256 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:26:35.0671 3256 drmkaud - ok
06:26:35.0687 3256 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
06:26:35.0687 3256 EapHost - ok
06:26:35.0750 3256 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
06:26:35.0765 3256 ehRecvr - ok
06:26:35.0781 3256 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
06:26:35.0781 3256 ehSched - ok
06:26:35.0843 3256 EraserUtilDrvI7 - ok
06:26:35.0890 3256 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
06:26:35.0906 3256 ERSvc - ok
06:26:35.0937 3256 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:26:35.0937 3256 Eventlog - ok
06:26:35.0968 3256 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
06:26:35.0984 3256 EventSystem - ok
06:26:36.0015 3256 F-Secure Standalone Minifilter - ok
06:26:36.0046 3256 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:26:36.0046 3256 Fastfat - ok
06:26:36.0093 3256 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:26:36.0109 3256 FastUserSwitchingCompatibility - ok
06:26:36.0140 3256 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
06:26:36.0156 3256 Fax - ok
06:26:36.0171 3256 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
06:26:36.0171 3256 Fdc - ok
06:26:36.0187 3256 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:26:36.0187 3256 Fips - ok
06:26:36.0203 3256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:26:36.0203 3256 Flpydisk - ok
06:26:36.0234 3256 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:26:36.0250 3256 FltMgr - ok
06:26:36.0343 3256 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:26:36.0343 3256 FontCache3.0.0.0 - ok
06:26:36.0375 3256 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:26:36.0375 3256 Fs_Rec - ok
06:26:36.0390 3256 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:26:36.0390 3256 Ftdisk - ok
06:26:36.0406 3256 ftsata2 - ok
06:26:36.0421 3256 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:26:36.0421 3256 Gpc - ok
06:26:36.0500 3256 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
06:26:36.0500 3256 gupdate - ok
06:26:36.0500 3256 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
06:26:36.0500 3256 gupdatem - ok
06:26:36.0562 3256 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:26:36.0562 3256 HDAudBus - ok
06:26:36.0609 3256 helpsvc - ok
06:26:36.0656 3256 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
06:26:36.0656 3256 HidServ - ok
06:26:36.0687 3256 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:26:36.0687 3256 HidUsb - ok
06:26:36.0718 3256 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
06:26:36.0734 3256 hkmsvc - ok
06:26:36.0734 3256 hpn - ok
06:26:36.0781 3256 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
06:26:36.0796 3256 HSXHWBS2 - ok
06:26:36.0843 3256 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
06:26:36.0859 3256 HSX_DP - ok
06:26:36.0890 3256 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:26:36.0890 3256 HTTP - ok
06:26:36.0937 3256 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
06:26:36.0953 3256 HTTPFilter - ok
06:26:36.0953 3256 i2omgmt - ok
06:26:36.0968 3256 i2omp - ok
06:26:36.0984 3256 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:26:36.0984 3256 i8042prt - ok
06:26:37.0109 3256 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
06:26:37.0109 3256 IDriverT - ok
06:26:37.0250 3256 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:26:37.0265 3256 idsvc - ok
06:26:37.0312 3256 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys
06:26:37.0312 3256 imagedrv - ok
06:26:37.0312 3256 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
06:26:37.0328 3256 imagesrv - ok
06:26:37.0328 3256 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:26:37.0328 3256 Imapi - ok
06:26:37.0375 3256 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
06:26:37.0375 3256 ImapiService - ok
06:26:37.0390 3256 ini910u - ok
06:26:37.0609 3256 IntcAzAudAddService (b76d32231f56bb3df236bf25f49106ae) C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:26:37.0640 3256 IntcAzAudAddService - ok
06:26:37.0765 3256 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:26:37.0765 3256 IntelIde - ok
06:26:37.0796 3256 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:26:37.0796 3256 intelppm - ok
06:26:37.0812 3256 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:26:37.0812 3256 Ip6Fw - ok
06:26:37.0828 3256 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:26:37.0828 3256 IpFilterDriver - ok
06:26:37.0843 3256 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:26:37.0843 3256 IpInIp - ok
06:26:37.0859 3256 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:26:37.0859 3256 IpNat - ok
06:26:37.0890 3256 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:26:37.0906 3256 IPSec - ok
06:26:37.0906 3256 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:26:37.0906 3256 IRENUM - ok
06:26:37.0921 3256 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:26:37.0921 3256 isapnp - ok
06:26:37.0953 3256 ithsgt (b7a5fadf67136fda7e8f25303565b674) C:\WINDOWS\system32\DRIVERS\ithsgt.sys
06:26:37.0968 3256 ithsgt - ok
06:26:38.0078 3256 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
06:26:38.0078 3256 JavaQuickStarterService - ok
06:26:38.0093 3256 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:26:38.0093 3256 Kbdclass - ok
06:26:38.0125 3256 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:26:38.0125 3256 kbdhid - ok
06:26:38.0156 3256 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:26:38.0156 3256 kmixer - ok
06:26:38.0187 3256 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:26:38.0187 3256 KSecDD - ok
06:26:38.0218 3256 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
06:26:38.0234 3256 lanmanserver - ok
06:26:38.0265 3256 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
06:26:38.0265 3256 lanmanworkstation - ok
06:26:38.0265 3256 lbrtfdc - ok
06:26:38.0343 3256 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
06:26:38.0343 3256 LightScribeService - ok
06:26:38.0375 3256 lilsgt (16767ea492b5d140e1de3679a65eae74) C:\WINDOWS\system32\DRIVERS\lilsgt.sys
06:26:38.0375 3256 lilsgt - ok
06:26:38.0406 3256 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
06:26:38.0421 3256 lirsgt - ok
06:26:38.0453 3256 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
06:26:38.0453 3256 LmHosts - ok
06:26:38.0484 3256 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
06:26:38.0484 3256 MAPMEM - ok
06:26:38.0500 3256 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
06:26:38.0500 3256 MBAMProtector - ok
06:26:38.0578 3256 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:26:38.0578 3256 MBAMService - ok
06:26:38.0656 3256 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
06:26:38.0656 3256 McrdSvc - ok
06:26:38.0750 3256 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
06:26:38.0750 3256 MDM - ok
06:26:38.0859 3256 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:26:38.0859 3256 mdmxsdk - ok
06:26:38.0890 3256 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
06:26:38.0906 3256 Messenger - ok
06:26:38.0953 3256 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
06:26:38.0984 3256 MHN - ok
06:26:39.0000 3256 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
06:26:39.0000 3256 MHNDRV - ok
06:26:39.0015 3256 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:26:39.0031 3256 mnmdd - ok
06:26:39.0062 3256 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
06:26:39.0062 3256 mnmsrvc - ok
06:26:39.0093 3256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:26:39.0093 3256 Modem - ok
06:26:39.0125 3256 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:26:39.0125 3256 Mouclass - ok
06:26:39.0156 3256 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:26:39.0171 3256 mouhid - ok
06:26:39.0171 3256 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:26:39.0171 3256 MountMgr - ok
06:26:39.0171 3256 mraid35x - ok
06:26:39.0203 3256 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:26:39.0218 3256 MRxDAV - ok
06:26:39.0265 3256 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:26:39.0281 3256 MRxSmb - ok
06:26:39.0312 3256 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:26:39.0312 3256 Msfs - ok
06:26:39.0312 3256 MSIServer - ok
06:26:39.0343 3256 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:26:39.0343 3256 MSKSSRV - ok
06:26:39.0359 3256 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:26:39.0359 3256 MSPCLOCK - ok
06:26:39.0359 3256 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:26:39.0359 3256 MSPQM - ok
06:26:39.0406 3256 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:26:39.0406 3256 mssmbios - ok
06:26:39.0406 3256 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:26:39.0406 3256 Mup - ok
06:26:39.0453 3256 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
06:26:39.0468 3256 napagent - ok
06:26:39.0593 3256 NBService (89844c3d3a7aae8999e229c88e452633) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
06:26:39.0640 3256 NBService - ok
06:26:39.0703 3256 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:26:39.0703 3256 NDIS - ok
06:26:39.0734 3256 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:26:39.0734 3256 NdisTapi - ok
06:26:39.0750 3256 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:26:39.0750 3256 Ndisuio - ok
06:26:39.0765 3256 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:26:39.0765 3256 NdisWan - ok
06:26:39.0796 3256 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:26:39.0796 3256 NDProxy - ok
06:26:39.0796 3256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:26:39.0796 3256 NetBIOS - ok
06:26:39.0812 3256 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:26:39.0812 3256 NetBT - ok
06:26:39.0875 3256 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:26:39.0875 3256 NetDDE - ok
06:26:39.0875 3256 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:26:39.0890 3256 NetDDEdsdm - ok
06:26:39.0921 3256 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:26:39.0921 3256 Netlogon - ok
06:26:39.0937 3256 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
06:26:39.0937 3256 Netman - ok
06:26:40.0046 3256 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:26:40.0046 3256 NetTcpPortSharing - ok
06:26:40.0093 3256 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:26:40.0093 3256 NIC1394 - ok
06:26:40.0125 3256 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
06:26:40.0140 3256 Nla - ok
06:26:40.0250 3256 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
06:26:40.0296 3256 NMIndexingService - ok
06:26:40.0328 3256 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:26:40.0328 3256 Npfs - ok
06:26:40.0375 3256 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:26:40.0406 3256 Ntfs - ok
06:26:40.0421 3256 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:26:40.0421 3256 NtLmSsp - ok
06:26:40.0468 3256 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
06:26:40.0468 3256 NtmsSvc - ok
06:26:40.0515 3256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:26:40.0515 3256 Null - ok
06:26:40.0828 3256 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:26:41.0000 3256 nv - ok
06:26:41.0109 3256 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
06:26:41.0109 3256 NVENETFD - ok
06:26:41.0140 3256 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
06:26:41.0156 3256 nvnetbus - ok
06:26:41.0187 3256 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe
06:26:41.0187 3256 NVSvc - ok
06:26:41.0218 3256 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:26:41.0218 3256 NwlnkFlt - ok
06:26:41.0234 3256 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:26:41.0234 3256 NwlnkFwd - ok
06:26:41.0265 3256 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:26:41.0265 3256 ohci1394 - ok
06:26:41.0375 3256 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:26:41.0375 3256 ose - ok
06:26:41.0406 3256 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:26:41.0406 3256 Parport - ok
06:26:41.0421 3256 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:26:41.0437 3256 PartMgr - ok
06:26:41.0468 3256 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:26:41.0468 3256 ParVdm - ok
06:26:41.0484 3256 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:26:41.0484 3256 PCI - ok
06:26:41.0484 3256 PCIDump - ok
06:26:41.0500 3256 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:26:41.0500 3256 PCIIde - ok
06:26:41.0531 3256 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:26:41.0546 3256 Pcmcia - ok
06:26:41.0593 3256 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
06:26:41.0609 3256 Pcouffin - ok
06:26:41.0609 3256 PDCOMP - ok
06:26:41.0609 3256 PDFRAME - ok
06:26:41.0625 3256 PDRELI - ok
06:26:41.0625 3256 PDRFRAME - ok
06:26:41.0640 3256 perc2 - ok
06:26:41.0640 3256 perc2hib - ok
06:26:41.0671 3256 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:26:41.0671 3256 PlugPlay - ok
06:26:41.0718 3256 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:26:41.0718 3256 PolicyAgent - ok
06:26:41.0750 3256 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:26:41.0750 3256 PptpMiniport - ok
06:26:41.0765 3256 prcmondrv (0c0d173c2a6f790baee8d4cc48a1ef59) C:\WINDOWS\system32\drivers\prcmondrv1041.sys
06:26:41.0781 3256 prcmondrv - ok
06:26:41.0796 3256 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
06:26:41.0796 3256 Processor - ok
06:26:41.0796 3256 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:26:41.0796 3256 ProtectedStorage - ok
06:26:41.0812 3256 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
06:26:41.0812 3256 Ps2 - ok
06:26:41.0828 3256 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:26:41.0828 3256 PSched - ok
06:26:41.0859 3256 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:26:41.0859 3256 Ptilink - ok
06:26:41.0859 3256 PxHelp20 - ok
06:26:41.0875 3256 ql1080 - ok
06:26:41.0875 3256 Ql10wnt - ok
06:26:41.0875 3256 ql12160 - ok
06:26:41.0890 3256 ql1240 - ok
06:26:41.0890 3256 ql1280 - ok
06:26:41.0906 3256 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:26:41.0906 3256 RasAcd - ok
06:26:41.0937 3256 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
06:26:41.0937 3256 RasAuto - ok
06:26:41.0968 3256 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:26:41.0968 3256 Rasl2tp - ok
06:26:42.0000 3256 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
06:26:42.0015 3256 RasMan - ok
06:26:42.0015 3256 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:26:42.0015 3256 RasPppoe - ok
06:26:42.0015 3256 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:26:42.0031 3256 Raspti - ok
06:26:42.0046 3256 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:26:42.0046 3256 Rdbss - ok
06:26:42.0062 3256 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:26:42.0062 3256 RDPCDD - ok
06:26:42.0078 3256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:26:42.0078 3256 rdpdr - ok
06:26:42.0109 3256 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
06:26:42.0125 3256 RDPWD - ok
06:26:42.0156 3256 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
06:26:42.0171 3256 RDSessMgr - ok
06:26:42.0203 3256 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:26:42.0203 3256 redbook - ok
06:26:42.0234 3256 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
06:26:42.0234 3256 RemoteAccess - ok
06:26:42.0281 3256 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
06:26:42.0281 3256 RemoteRegistry - ok
06:26:42.0328 3256 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
06:26:42.0328 3256 RpcLocator - ok
06:26:42.0375 3256 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
06:26:42.0375 3256 RpcSs - ok
06:26:42.0421 3256 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
06:26:42.0421 3256 RSVP - ok
06:26:42.0484 3256 RT2500USB (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
06:26:42.0500 3256 RT2500USB - ok
06:26:42.0546 3256 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
06:26:42.0546 3256 rtl8139 - ok
06:26:42.0593 3256 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:26:42.0593 3256 SamSs - ok
06:26:42.0625 3256 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
06:26:42.0625 3256 SCardSvr - ok
06:26:42.0671 3256 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
06:26:42.0671 3256 SCDEmu - ok
06:26:42.0703 3256 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
06:26:42.0718 3256 Schedule - ok
06:26:42.0750 3256 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:26:42.0750 3256 Secdrv - ok
06:26:42.0781 3256 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
06:26:42.0781 3256 seclogon - ok
06:26:42.0812 3256 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
06:26:42.0812 3256 SENS - ok
06:26:42.0843 3256 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
06:26:42.0843 3256 Serial - ok
06:26:42.0906 3256 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:26:42.0906 3256 Sfloppy - ok
06:26:42.0953 3256 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
06:26:42.0953 3256 SharedAccess - ok
06:26:43.0000 3256 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:26:43.0000 3256 ShellHWDetection - ok
06:26:43.0000 3256 Simbad - ok
06:26:43.0046 3256 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
06:26:43.0046 3256 SNMP - ok
06:26:43.0062 3256 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
06:26:43.0078 3256 SNMPTRAP - ok
06:26:43.0078 3256 Sparrow - ok
06:26:43.0109 3256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:26:43.0109 3256 splitter - ok
06:26:43.0125 3256 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:26:43.0140 3256 Spooler - ok
06:26:43.0187 3256 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
06:26:43.0187 3256 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
06:26:43.0187 3256 sptd ( LockedFile.Multi.Generic ) - warning
06:26:43.0187 3256 sptd - detected LockedFile.Multi.Generic (1)
06:26:43.0203 3256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:26:43.0203 3256 sr - ok
06:26:43.0234 3256 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
06:26:43.0234 3256 srservice - ok
06:26:43.0265 3256 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:26:43.0265 3256 Srv - ok
06:26:43.0296 3256 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
06:26:43.0296 3256 SSDPSRV - ok
06:26:43.0343 3256 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
06:26:43.0343 3256 stisvc - ok
06:26:43.0375 3256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:26:43.0375 3256 swenum - ok
06:26:43.0390 3256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:26:43.0390 3256 swmidi - ok
06:26:43.0390 3256 SwPrv - ok
06:26:43.0406 3256 symc810 - ok
06:26:43.0421 3256 symc8xx - ok
06:26:43.0421 3256 sym_hi - ok
06:26:43.0421 3256 sym_u3 - ok
06:26:43.0437 3256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:26:43.0437 3256 sysaudio - ok
06:26:43.0468 3256 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
06:26:43.0468 3256 SysmonLog - ok
06:26:43.0500 3256 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
06:26:43.0500 3256 TapiSrv - ok
06:26:43.0562 3256 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:26:43.0562 3256 Tcpip - ok
06:26:43.0593 3256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:26:43.0593 3256 TDPIPE - ok
06:26:43.0625 3256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:26:43.0625 3256 TDTCP - ok
06:26:43.0640 3256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:26:43.0640 3256 TermDD - ok
06:26:43.0671 3256 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
06:26:43.0687 3256 TermService - ok
06:26:43.0718 3256 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:26:43.0718 3256 Themes - ok
06:26:43.0750 3256 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
06:26:43.0765 3256 TlntSvr - ok
06:26:43.0765 3256 TosIde - ok
06:26:43.0796 3256 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
06:26:43.0796 3256 TrkWks - ok
06:26:43.0828 3256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:26:43.0828 3256 Udfs - ok
06:26:43.0828 3256 ultra - ok
06:26:43.0890 3256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:26:43.0890 3256 Update - ok
06:26:43.0921 3256 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
06:26:43.0937 3256 upnphost - ok
06:26:43.0937 3256 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
06:26:43.0953 3256 UPS - ok
06:26:44.0000 3256 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:26:44.0000 3256 usbaudio - ok
06:26:44.0015 3256 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:26:44.0031 3256 usbccgp - ok
06:26:44.0046 3256 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:26:44.0046 3256 usbehci - ok
06:26:44.0062 3256 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:26:44.0062 3256 usbhub - ok
06:26:44.0062 3256 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:26:44.0078 3256 usbohci - ok
06:26:44.0109 3256 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:26:44.0109 3256 usbprint - ok
06:26:44.0156 3256 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:26:44.0156 3256 usbscan - ok
06:26:44.0187 3256 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:26:44.0203 3256 usbstor - ok
06:26:44.0218 3256 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:26:44.0218 3256 usbuhci - ok
06:26:44.0250 3256 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:26:44.0250 3256 VgaSave - ok
06:26:44.0281 3256 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:26:44.0281 3256 ViaIde - ok
06:26:44.0296 3256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:26:44.0296 3256 VolSnap - ok
06:26:44.0343 3256 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
06:26:44.0359 3256 VSS - ok
06:26:44.0390 3256 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
06:26:44.0390 3256 W32Time - ok
06:26:44.0406 3256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:26:44.0421 3256 Wanarp - ok
06:26:44.0437 3256 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
06:26:44.0453 3256 wanatw - ok
06:26:44.0500 3256 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
06:26:44.0515 3256 Wdf01000 - ok
06:26:44.0515 3256 WDICA - ok
06:26:44.0546 3256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:26:44.0562 3256 wdmaud - ok
06:26:44.0609 3256 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
06:26:44.0609 3256 WebClient - ok
06:26:44.0671 3256 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
06:26:44.0671 3256 winachsx - ok
06:26:44.0734 3256 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:26:44.0734 3256 winmgmt - ok
06:26:44.0796 3256 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:26:44.0812 3256 WmdmPmSN - ok
06:26:44.0859 3256 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
06:26:44.0875 3256 Wmi - ok
06:26:44.0890 3256 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:26:44.0890 3256 WmiApSrv - ok
06:26:45.0031 3256 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
06:26:45.0046 3256 WMPNetworkSvc - ok
06:26:45.0125 3256 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:26:45.0125 3256 WpdUsb - ok
06:26:45.0234 3256 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:26:45.0250 3256 WPFFontCache_v0400 - ok
06:26:45.0296 3256 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
06:26:45.0296 3256 wscsvc - ok
06:26:45.0312 3256 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
06:26:45.0343 3256 wuauserv - ok
06:26:45.0375 3256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:26:45.0375 3256 WudfPf - ok
06:26:45.0406 3256 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
06:26:45.0406 3256 WUDFRd - ok
06:26:45.0437 3256 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
06:26:45.0437 3256 WudfSvc - ok
06:26:45.0484 3256 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
06:26:45.0484 3256 WZCSVC - ok
06:26:45.0500 3256 xcpip - ok
06:26:45.0562 3256 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
06:26:45.0578 3256 xmlprov - ok
06:26:45.0593 3256 xpsec - ok
06:26:45.0625 3256 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
06:26:45.0625 3256 xusb21 - ok
06:26:45.0734 3256 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
06:26:45.0750 3256 YahooAUService - ok
06:26:45.0796 3256 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
06:26:45.0828 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
06:26:45.0828 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
06:26:45.0859 3256 Boot (0x1200) (a3c1c6890b580412bd8a4870d8ab8ed3) \Device\Harddisk0\DR0\Partition0
06:26:45.0859 3256 \Device\Harddisk0\DR0\Partition0 - ok
06:26:45.0875 3256 Boot (0x1200) (57a4fd1905c0e423c4781ed2f648e337) \Device\Harddisk0\DR0\Partition1
06:26:45.0875 3256 \Device\Harddisk0\DR0\Partition1 - ok
06:26:45.0875 3256 ============================================================
06:26:45.0875 3256 Scan finished
06:26:45.0875 3256 ============================================================
06:26:45.0890 3940 Detected object count: 3
06:26:45.0890 3940 Actual detected object count: 3
06:27:58.0890 3940 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
06:27:58.0890 3940 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
06:27:58.0890 3940 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:27:58.0890 3940 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
06:27:58.0953 3940 \Device\Harddisk0\DR0\# - copied to quarantine
06:27:58.0953 3940 \Device\Harddisk0\DR0 - copied to quarantine
06:27:58.0968 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
06:27:58.0984 3940 \Device\Harddisk0\DR0 - ok
06:27:58.0984 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
06:29:18.0515 3868 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 06:33:47
-----------------------------
06:33:47.453 OS Version: Windows 5.1.2600 Service Pack 3
06:33:47.453 Number of processors: 2 586 0x4B02
06:33:47.453 ComputerName: JAKE UserName:
06:33:48.750 Initialize success
06:36:28.296 AVAST engine defs: 12070300
06:37:03.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
06:37:03.375 Disk 0 Vendor: HDT722525DLA380 V44OA99A Size: 238475MB BusType: 3
06:37:03.390 Disk 0 MBR read successfully
06:37:03.390 Disk 0 MBR scan
06:37:03.421 Disk 0 unknown MBR code
06:37:03.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229412 MB offset 63
06:37:03.453 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 469853055
06:37:03.453 Disk 0 scanning sectors +488392065
06:37:03.453 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
06:37:03.515 Disk 0 scanning C:\WINDOWS\system32\drivers
06:37:17.109 Service scanning
06:37:33.437 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
06:37:38.515 Modules scanning
06:37:45.234 Disk 0 trace - called modules:
06:37:45.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiw.sys >>UNKNOWN [0x8afc9938]<<
06:37:45.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af22ab8]
06:37:45.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000089[0x8af609e8]
06:37:45.250 5 ACPI.sys[b9e46620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8aedc940]
06:37:46.296 AVAST engine scan C:\WINDOWS
06:37:58.750 AVAST engine scan C:\WINDOWS\system32
06:42:52.859 AVAST engine scan C:\WINDOWS\system32\drivers
06:43:24.671 AVAST engine scan C:\Documents and Settings\HP_Administrator
06:49:59.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
06:49:59.062 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"
06:51:16.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
06:51:16.187 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 06:59:01
-----------------------------
06:59:01.171 OS Version: Windows 5.1.2600 Service Pack 3
06:59:01.171 Number of processors: 2 586 0x4B02
06:59:01.171 ComputerName: JAKE UserName:
06:59:02.296 Initialize success
06:59:10.921 AVAST engine defs: 12070300
06:59:19.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
06:59:19.765 Disk 0 Vendor: HDT722525DLA380 V44OA99A Size: 238475MB BusType: 3
06:59:19.796 Disk 0 MBR read successfully
06:59:19.796 Disk 0 MBR scan
06:59:19.796 Disk 0 unknown MBR code
06:59:19.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229412 MB offset 63
06:59:19.828 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 469853055
06:59:19.859 Disk 0 scanning sectors +488392065
06:59:19.890 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
06:59:19.968 Disk 0 scanning C:\WINDOWS\system32\drivers
06:59:41.640 Service scanning
06:59:57.843 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
07:00:03.015 Modules scanning
07:00:22.562 Disk 0 trace - called modules:
07:00:22.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiw.sys >>UNKNOWN [0x8afc9938]<<
07:00:22.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af22ab8]
07:00:22.593 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000089[0x8af609e8]
07:00:22.593 5 ACPI.sys[b9e46620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8aedc940]
07:00:23.562 AVAST engine scan C:\
12:06:10.343 Scan finished successfully
18:47:38.879 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
18:47:38.910 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,912 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 03 July 2012 - 08:01 PM

Hello again and you are welcome!

You did reboot after these scans, it is needed to complete removal.

It is extremely likely you are infecting yourself thru µTorrent downloads.
This is a common occurrence when using these and continued use will bring more.

Rootkit.Boot.Sinowal.b
A rootkit is a program or a program kit that hides the presence of malware in the system.

A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain "invisible").
http://support.kaspersky.com/viruses/solutions?print=true&qid=208283366

Looks like there is still some cleanup to do.

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
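The logs posted in this thread are long and almost entirely "- ok" noise; the handful of lines that matter (TDSSKiller's "( threat ) - infected / skipped by user / will be cured on reboot" lines, aswMBR's "malicious ... code @ sector N !", "**LOCKED**" and "MBR fixed successfully" lines) are easy to miss. As an added example, not code from this thread or from the TDSSKiller or aswMBR authors, here is a small Python script that reads a saved log and lists only the actionable lines, then reports any disk-level malware finding that is not followed by a fix line for the same disk. The line patterns are inferred from the logs posted above (an assumption; other versions of the tools may format lines differently), the sample lines are copied from those logs, and the function names (`triage`, `summarize`, `unresolved`, `inventory`) are mine.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example for this thread. Line patterns are inferred from the posted
# TDSSKiller and aswMBR logs (assumption), not taken from either tool's authors.
TIME = r"(?P<time>\d\d:\d\d:\d\d\.\d+)"
# TDSSKiller: "<time> <pid> <object> ( <threat> ) - <verdict>"
TDSS_VERDICT = re.compile(TIME + r"\s+\d+\s+(?P<obj>.+?)\s+\(\s*(?P<threat>[^()]+?)\s*\)\s+-\s+(?P<verdict>.+)$")
# TDSSKiller: "<time> <pid> <object> - detected <threat> (n)"
TDSS_DETECTED = re.compile(TIME + r"\s+\d+\s+(?P<obj>\S+)\s+-\s+detected\s+(?P<threat>\S+)")
# TDSSKiller inventory line: "<time> <pid> <name> (<md5>) <path>"
TDSS_INVENTORY = re.compile(TIME + r"\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# aswMBR lines as they appear in the thread
ASW_MALICIOUS = re.compile(TIME + r"\s+Disk\s+(?P<disk>\d+)\s+malicious\s+(?P<name>\S+)\s+code\s+@\s+sector\s+(?P<sector>\d+)")
ASW_UNKNOWN_MBR = re.compile(TIME + r"\s+Disk\s+(?P<disk>\d+)\s+unknown MBR code")
ASW_LOCKED = re.compile(TIME + r"\s+Service\s+(?P<svc>\S+)\s+(?P<path>.+?)\s+\*\*LOCKED\*\*")
ASW_FIXED = re.compile(TIME + r"\s+Disk\s+(?P<disk>\d+)\s+.*MBR fixed successfully")


@dataclass(frozen=True)
class Finding:
    time: str
    severity: str  # "malware", "needs_review" or "remediation"
    obj: str
    detail: str


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for an actionable line, or None for routine '- ok' noise."""
    m = TDSS_VERDICT.match(line)
    if m:
        verdict = m.group("verdict").strip()
        if verdict.startswith("User select action"):
            return None  # echo of the preceding verdict line
        if verdict == "infected":
            sev = "malware"
        elif verdict == "will be cured on reboot":
            sev = "remediation"
        else:
            sev = "needs_review"  # "skipped by user" and anything unfamiliar: show it, don't drop it
        return Finding(m.group("time"), sev, m.group("obj"), f"{m.group('threat')}: {verdict}")
    m = TDSS_DETECTED.match(line)
    if m:
        return Finding(m.group("time"), "malware", m.group("obj"), m.group("threat"))
    m = ASW_MALICIOUS.match(line)
    if m:
        return Finding(m.group("time"), "malware", f"Disk {m.group('disk')} sector {m.group('sector')}", m.group("name"))
    m = ASW_UNKNOWN_MBR.match(line)
    if m:
        return Finding(m.group("time"), "needs_review", f"Disk {m.group('disk')} MBR", "non-standard boot code")
    m = ASW_LOCKED.match(line)
    if m:
        return Finding(m.group("time"), "needs_review", m.group("svc"), f"locked driver file {m.group('path')}")
    m = ASW_FIXED.match(line)
    if m:
        return Finding(m.group("time"), "remediation", f"Disk {m.group('disk')} MBR", "MBR fixed successfully")
    return None


def triage(text: str) -> List[Finding]:
    """All actionable findings in a log, in log order."""
    return [f for f in (classify_line(l.strip()) for l in text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Object names grouped by severity, deduplicated and sorted."""
    out: Dict[str, set] = {"malware": set(), "needs_review": set(), "remediation": set()}
    for f in findings:
        out[f.severity].add(f.obj)
    return {k: sorted(v) for k, v in out.items()}


def _same_target(a: str, b: str) -> bool:
    """Same object, or two entries about the same physical disk."""
    if a == b:
        return True
    da, db = re.match(r"Disk \d+", a), re.match(r"Disk \d+", b)
    return bool(da and db and da.group() == db.group())


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Malware findings with no later remediation entry for the same object or disk."""
    return [f for i, f in enumerate(findings) if f.severity == "malware"
            and not any(r.severity == "remediation" and _same_target(f.obj, r.obj) for r in findings[i + 1:])]


def inventory(text: str) -> Dict[str, Tuple[str, str]]:
    """name -> (md5, path) for every hashed driver/service line, for later hash lookups."""
    out = {}
    for l in text.splitlines():
        m = TDSS_INVENTORY.match(l.strip())
        if m:
            out[m.group("name")] = (m.group("md5"), m.group("path"))
    return out


# Sample lines copied from the logs posted in this thread (a constructed subset).
SAMPLE_TDSS = r"""
06:26:43.0593 3256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:26:43.0593 3256 TDPIPE - ok
06:26:45.0796 3256 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
06:26:45.0828 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
06:26:45.0828 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
06:27:58.0890 3940 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
06:27:58.0890 3940 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
06:27:58.0890 3940 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:27:58.0890 3940 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
06:27:58.0968 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
"""
SAMPLE_ASW = r"""
06:37:03.390 Disk 0 MBR read successfully
06:37:03.421 Disk 0 unknown MBR code
06:37:03.453 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
06:37:33.437 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:36:16.129 Disk 0 Windows 501 MBR fixed successfully
"""

if __name__ == "__main__":
    # Usage: python triage_logs.py aswMBR.txt   (no argument: run on the samples above)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_TDSS + SAMPLE_ASW
    found = triage(text)
    for f in found:
        print(f"{f.time} {f.severity:13} {f.obj}  [{f.detail}]")
    print("summary:", summarize(found))
    print("unresolved:", [f.obj for f in unresolved(found)])
```

Point it at the saved aswMBR.txt or TDSSKiller log. A "Disk N malicious ..." finding with no later "MBR fixed successfully" line for that disk is what `unresolved` reports, which is the state of the aswMBR logs above (scan only, no FIXMBR); a log that contains the fix line comes back clean. Objects the user skipped or that were locked are listed under needs_review rather than dropped, since the tool did not clean them. The MD5 inventory is there so the hashes of the "- ok" drivers can be checked against a known-good source if a deeper look is needed.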

#5 YoungBarrels
  • Topic Starter

  • Members
  • 44 posts
  • Local time:11:27 AM

Posted 03 July 2012 - 11:48 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 20:28:45
-----------------------------
20:28:45.254 OS Version: Windows 5.1.2600 Service Pack 3
20:28:45.254 Number of processors: 2 586 0x4B02
20:28:45.254 ComputerName: JAKE UserName:
20:28:47.160 Initialize success
20:29:04.347 AVAST engine defs: 12070300
20:30:41.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
20:30:41.707 Disk 0 Vendor: HDT722525DLA380 V44OA99A Size: 238475MB BusType: 3
20:30:41.847 Disk 0 MBR read successfully
20:30:41.847 Disk 0 MBR scan
20:30:41.863 Disk 0 unknown MBR code
20:30:41.879 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229412 MB offset 63
20:30:41.941 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 469853055
20:30:42.160 Disk 0 scanning sectors +488392065
20:30:42.285 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
20:30:42.535 Disk 0 scanning C:\WINDOWS\system32\drivers
20:31:46.457 Service scanning
20:32:28.972 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:32:37.800 Modules scanning
20:33:28.863 Disk 0 trace - called modules:
20:33:28.879 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiw.sys >>UNKNOWN [0x8afc9938]<<
20:33:28.879 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af22ab8]
20:33:28.879 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000089[0x8af609e8]
20:33:28.879 5 ACPI.sys[b9e46620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8aedc940]
20:33:29.863 AVAST engine scan C:\WINDOWS
20:35:04.800 AVAST engine scan C:\WINDOWS\system32
20:48:18.441 AVAST engine scan C:\WINDOWS\system32\drivers
20:50:10.660 AVAST engine scan C:\Documents and Settings\HP_Administrator
21:36:06.097 Verifying
21:36:16.129 Disk 0 Windows 501 MBR fixed successfully
22:16:52.879 AVAST engine scan C:\Documents and Settings\All Users
22:22:58.144 Scan finished successfully
22:25:32.613 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
22:25:32.660 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"






C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\6a69c96b-7f5e53f0 Java/Agent.EI trojan deleted - quarantined
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\5e3ed4c9-4daf7593 a variant of Java/Exploit.CVE-2012-0507.B trojan deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\Emulators and Roms\DOS\zipped Games\WinRAR v3.2\WinRAR Patcher.rar a variant of Win32/Tool.TPE.A application deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\Extras\BioniX Wallpaper 5.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\Extras\Fix & Repair\SDFix.exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\Extras\Fix & Repair\SmitfraudFix.zip multiple threats deleted - quarantined
C:\Program Files\Nero.exe Win32/Toolbar.AskSBar application deleted - quarantined

#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,912 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 04 July 2012 - 02:39 PM

Hello, it appears it won't come out easily. We need to repost about this: Disk 0 malicious Win32:MBRoot code @ sector 488392068 !

Include this link back to here.
http://www.bleepingcomputer.com/forums/topic459042.html/page__pid__2751571#entry2751571


We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.