
DELLXP SP3 AOL


  • This topic is locked
16 replies to this topic

#1 DELLXPOOPS

DELLXPOOPS

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 23 July 2012 - 07:37 PM

Hello. My DELL XP (SP3) PC was previously attacked by viruses and such,
and I seem to have removed them, but the PC was left a little off.
From the diagnostics I've run everything seems all right with it,
but there's obviously something happening with it: I use dial-up with AOL (9),
and I had previously uninstalled AOL to reinstall it again.
Even though I had just done this and I haven't changed the settings,
it tells me that "AOL can't connect to my computer."
and the setup can't go further than there.
Any help appreciated.

Edited by Orange Blossom, 23 July 2012 - 08:42 PM.
Moved to AII from XP. ~ OB



 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 23 July 2012 - 08:37 PM

You may still be infected. Sit tight, as you will be moved by request, and a malware helper or expert will help you.

Tekken
 


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:23 PM

Posted 17 August 2012 - 01:08 PM

Hello, appears you got lost here.

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 DELLXPOOPS

DELLXPOOPS
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 23 August 2012 - 07:38 PM

Thanks, but none of those seemed to work, so should we try for more malware now?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:23 PM

Posted 23 August 2012 - 08:00 PM

Yes, onto a CD or flash drive..load from another PC, and run these....

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>>

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
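The TDSSKiller report requested above lists every service and driver it checked, so the flagged entries are easy to miss among the "ok" lines. The Python below is an added example, not part of the original posts and not code from the RKill or TDSSKiller authors. It extracts only the flagged entries and pairs each flagged file with the possible replacement copies that RKill reports. The sample lines are copied from the logs posted in the next reply, and the function names are hypothetical.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Lines copied from the TDSSKiller log posted in the next reply of this thread.
TDSS_SAMPLE = r"""18:26:54.0140 2848 ================ Scan services =============================
18:26:54.0250 2848 92ade5f1 ( Rootkit.Win32.PMax.gen ) - infected
18:26:54.0250 2848 92ade5f1 - detected Rootkit.Win32.PMax.gen (0)
18:26:54.0375 2848 Abiosdsk - ok
18:26:54.0859 2848 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:26:54.0859 2848 Adobe LM Service - ok
18:27:02.0343 2848 [ 8B0FA63F06785C35DE4590C4951E8F3E ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:27:02.0343 2848 IPSec ( Virus.Win32.ZAccess.j ) - infected
18:27:02.0343 2848 IPSec - detected Virus.Win32.ZAccess.j (0)
"""

# Lines copied from the RKill "Missing Digital Signatures" section of the same reply.
RKILL_SAMPLE = r"""* C:\WINDOWS\System32\drivers\ipsec.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys : 74,752 : 08/04/2004 00:00 AM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipsec.sys : 75,264 : 04/13/2008 02:19 PM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
+-> C:\WINDOWS\SYSTEM32\DLLCACHE\ipsec.sys : 74,752 : 08/04/2004 02:00 AM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]
"""

# "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+\d+\s+(.*)$")
# "[ MD5 ] <service name, may contain spaces> <drive:\path>"
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<service name> ( <verdict> ) - <status>"
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
OK_LINE = re.compile(r"^(.+) - ok$")
# "+-> <path> : <size> : <date> : <md5> [Pos Repl]"
REPLACEMENT = re.compile(
    r"^\+-> (.+?) : [\d,]+ : .+? : ([0-9A-Fa-f]{32}) \[Pos Repl\]$")


class Finding(NamedTuple):
    time: str
    name: str
    verdict: str
    status: str
    md5: Optional[str]   # None when the log shows no file line for the entry
    path: Optional[str]


def tdss_findings(log_text: str) -> List[Finding]:
    """Return every entry that carries a verdict instead of a plain 'ok'."""
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path)
    found: List[Finding] = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        stamp, body = m.groups()
        file_line = FILE_LINE.match(body)
        if file_line:
            md5, name, path = file_line.groups()
            pending[name] = (md5.upper(), path)
            continue
        verdict = VERDICT.match(body)
        if verdict:
            name, label, status = verdict.groups()
            md5_path = pending.pop(name, (None, None))
            found.append(Finding(stamp, name, label, status, *md5_path))
            continue
        ok = OK_LINE.match(body)
        if ok:
            pending.pop(ok.group(1), None)  # clean entry, forget its file line
    return found


def rkill_replacements(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map lower-cased file name -> [(path, MD5)] for RKill '[Pos Repl]' lines."""
    table: Dict[str, List[Tuple[str, str]]] = {}
    for raw in log_text.splitlines():
        m = REPLACEMENT.match(raw.strip())
        if m:
            path, md5 = m.groups()
            key = ntpath.basename(path).lower()
            table.setdefault(key, []).append((path, md5.upper()))
    return table


def replacement_candidates(tdss_text: str, rkill_text: str):
    """For each flagged entry, list RKill copies whose hash differs from it."""
    repl = rkill_replacements(rkill_text)
    result: Dict[str, List[Tuple[str, str]]] = {}
    for f in tdss_findings(tdss_text):
        base = ntpath.basename(f.path).lower() if f.path else ""
        result[f.name] = [(p, h) for p, h in repl.get(base, []) if h != f.md5]
    return result


if __name__ == "__main__":
    for f in tdss_findings(TDSS_SAMPLE):
        print(f.time, f.name, f.verdict, f.status, f.md5, f.path)
    for name, copies in replacement_candidates(TDSS_SAMPLE, RKILL_SAMPLE).items():
        for path, md5 in copies:
            print(f"{name}: candidate copy {path} (MD5 {md5})")
```

A differing hash only shows that the flagged file is not byte-identical to a cached copy; which copy matches the installed service pack is still for the helper to decide.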

#6 DELLXPOOPS

DELLXPOOPS
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 27 August 2012 - 06:37 PM

HERE IS THE RESULT OF THE SCAN

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 06:22:21 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 1620) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\ipsec.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys : 74,752 : 08/04/2004 00:00 AM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ipsec.sys : 75,264 : 04/13/2008 02:19 PM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
+-> C:\WINDOWS\SYSTEM32\DLLCACHE\ipsec.sys : 74,752 : 08/04/2004 02:00 AM : 64537aa5c003a6afeee1df819062d0d1 [Pos Repl]

Program finished at: 08/26/2012 06:23:44 PM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)


18:26:16.0593 2796 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:26:18.0625 2796 ============================================================
18:26:18.0625 2796 Current date / time: 2012/08/26 18:26:18.0625
18:26:18.0625 2796 SystemInfo:
18:26:18.0625 2796
18:26:18.0625 2796 OS Version: 5.1.2600 ServicePack: 3.0
18:26:18.0625 2796 Product type: Workstation
18:26:18.0625 2796 ComputerName: NO1
18:26:18.0625 2796 UserName: Dashel R
18:26:18.0625 2796 Windows directory: C:\WINDOWS
18:26:18.0625 2796 System windows directory: C:\WINDOWS
18:26:18.0625 2796 Processor architecture: Intel x86
18:26:18.0625 2796 Number of processors: 1
18:26:18.0625 2796 Page size: 0x1000
18:26:18.0625 2796 Boot type: Normal boot
18:26:18.0625 2796 ============================================================
18:26:20.0671 2796 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:26:20.0703 2796 Drive \Device\Harddisk1\DR4 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:20.0703 2796 ============================================================
18:26:20.0703 2796 \Device\Harddisk0\DR0:
18:26:20.0703 2796 MBR partitions:
18:26:20.0703 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8F206FE
18:26:20.0703 2796 \Device\Harddisk1\DR4:
18:26:20.0703 2796 MBR partitions:
18:26:20.0703 2796 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000
18:26:20.0703 2796 ============================================================
18:26:20.0781 2796 C: <-> \Device\Harddisk0\DR0\Partition1
18:26:20.0828 2796 ============================================================
18:26:20.0828 2796 Initialize success
18:26:20.0828 2796 ============================================================
18:26:53.0234 2848 ============================================================
18:26:53.0234 2848 Scan started
18:26:53.0234 2848 Mode: Manual; TDLFS;
18:26:53.0234 2848 ============================================================
18:26:54.0125 2848 ================ Scan system memory ========================
18:26:54.0140 2848 System memory - ok
18:26:54.0140 2848 ================ Scan services =============================
18:26:54.0250 2848 92ade5f1 ( Rootkit.Win32.PMax.gen ) - infected
18:26:54.0250 2848 92ade5f1 - detected Rootkit.Win32.PMax.gen (0)
18:27:02.0343 2848 [ 8B0FA63F06785C35DE4590C4951E8F3E ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:27:02.0343 2848 IPSec ( Virus.Win32.ZAccess.j ) - infected
18:27:02.0343 2848 IPSec - detected Virus.Win32.ZAccess.j (0)
18:27:04.0812 2848 MSPCLOCK - ok
18:27:04.0875 2848 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:27:04.0875 2848 MSPQM - ok
18:27:04.0937 2848 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:27:04.0937 2848 mssmbios - ok
18:27:04.0984 2848 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:27:04.0984 2848 MSTEE - ok
18:27:05.0046 2848 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:27:05.0046 2848 Mup - ok
18:27:05.0109 2848 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:27:05.0109 2848 NABTSFEC - ok
18:27:05.0171 2848 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:27:05.0187 2848 napagent - ok
18:27:05.0250 2848 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:27:05.0250 2848 NDIS - ok
18:27:05.0343 2848 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:27:05.0343 2848 NdisIP - ok
18:27:05.0406 2848 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:27:05.0406 2848 NdisTapi - ok
18:27:05.0421 2848 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:27:05.0421 2848 Ndisuio - ok
18:27:05.0437 2848 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:27:05.0437 2848 NdisWan - ok
18:27:05.0500 2848 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:27:05.0500 2848 NDProxy - ok
18:27:05.0562 2848 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:27:05.0562 2848 NetBIOS - ok
18:27:05.0593 2848 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:27:05.0593 2848 NetBT - ok
18:27:05.0656 2848 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:27:05.0656 2848 NetDDE - ok
18:27:05.0671 2848 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:27:05.0671 2848 NetDDEdsdm - ok
18:27:05.0718 2848 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:27:05.0718 2848 Netlogon - ok
18:27:05.0796 2848 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:27:05.0796 2848 Netman - ok
18:27:05.0968 2848 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
18:27:05.0968 2848 NetSvc - ok
18:27:06.0031 2848 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:27:06.0046 2848 Nla - ok
18:27:06.0093 2848 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:27:06.0093 2848 Npfs - ok
18:27:06.0187 2848 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:27:06.0203 2848 Ntfs - ok
18:27:06.0218 2848 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:27:06.0218 2848 NtLmSsp - ok
18:27:06.0296 2848 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:27:06.0312 2848 NtmsSvc - ok
18:27:06.0359 2848 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:27:06.0359 2848 Null - ok
18:27:06.0453 2848 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:27:06.0500 2848 nv - ok
18:27:06.0578 2848 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:27:06.0578 2848 NwlnkFlt - ok
18:27:06.0593 2848 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:27:06.0593 2848 NwlnkFwd - ok
18:27:06.0656 2848 [ F5CF06754AE54D9D3353FC9C59BC4E04 ] papycpu2 C:\WINDOWS\System32\DRIVERS\papycpu2.sys
18:27:06.0656 2848 papycpu2 - ok
18:27:06.0718 2848 [ B09A71E8E1E127455F3A2FE83D38851F ] papyjoy C:\WINDOWS\System32\DRIVERS\papyjoy.sys
18:27:06.0718 2848 papyjoy - ok
18:27:06.0781 2848 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:27:06.0796 2848 Parport - ok
18:27:06.0859 2848 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:27:06.0859 2848 PartMgr - ok
18:27:06.0921 2848 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:27:06.0921 2848 ParVdm - ok
18:27:06.0953 2848 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:27:06.0953 2848 PCI - ok
18:27:06.0968 2848 PCIDump - ok
18:27:07.0031 2848 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:27:07.0031 2848 PCIIde - ok
18:27:07.0093 2848 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:27:07.0093 2848 Pcmcia - ok
18:27:07.0109 2848 PDCOMP - ok
18:27:07.0125 2848 PDFRAME - ok
18:27:07.0140 2848 PDRELI - ok
18:27:07.0156 2848 PDRFRAME - ok
18:27:07.0203 2848 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
18:27:07.0203 2848 perc2 - ok
18:27:07.0265 2848 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:27:07.0265 2848 perc2hib - ok
18:27:07.0343 2848 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:27:07.0343 2848 PlugPlay - ok
18:27:07.0359 2848 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:27:07.0375 2848 PolicyAgent - ok
18:27:07.0421 2848 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:27:07.0437 2848 PptpMiniport - ok
18:27:07.0437 2848 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:27:07.0453 2848 ProtectedStorage - ok
18:27:07.0500 2848 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:27:07.0500 2848 PSched - ok
18:27:07.0562 2848 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:27:07.0562 2848 Ptilink - ok
18:27:07.0578 2848 ptnnyj - ok
18:27:07.0640 2848 [ DB3B30C3A4CDCF07E164C14584D9D0F2 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:27:07.0640 2848 PxHelp20 - ok
18:27:07.0671 2848 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:27:07.0671 2848 ql1080 - ok
18:27:07.0734 2848 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:27:07.0734 2848 Ql10wnt - ok
18:27:07.0796 2848 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:27:07.0796 2848 ql12160 - ok
18:27:07.0859 2848 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:27:07.0859 2848 ql1240 - ok
18:27:07.0890 2848 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:27:07.0890 2848 ql1280 - ok
18:27:07.0906 2848 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:27:07.0906 2848 RasAcd - ok
18:27:07.0984 2848 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:27:07.0984 2848 RasAuto - ok
18:27:08.0046 2848 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:27:08.0046 2848 Rasl2tp - ok
18:27:08.0109 2848 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:27:08.0109 2848 RasMan - ok
18:27:08.0171 2848 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:27:08.0171 2848 RasPppoe - ok
18:27:08.0187 2848 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:27:08.0187 2848 Raspti - ok
18:27:08.0265 2848 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:27:08.0265 2848 Rdbss - ok
18:27:08.0328 2848 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:27:08.0328 2848 RDPCDD - ok
18:27:08.0390 2848 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:27:08.0390 2848 rdpdr - ok
18:27:08.0468 2848 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:27:08.0468 2848 RDPWD - ok
18:27:08.0546 2848 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:27:08.0562 2848 RDSessMgr - ok
18:27:08.0625 2848 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:27:08.0625 2848 redbook - ok
18:27:08.0687 2848 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:27:08.0687 2848 RemoteAccess - ok
18:27:08.0734 2848 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:27:08.0734 2848 RpcLocator - ok
18:27:08.0781 2848 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:27:08.0781 2848 RpcSs - ok
18:27:08.0859 2848 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:27:08.0859 2848 RSVP - ok
18:27:08.0890 2848 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:27:08.0890 2848 SamSs - ok
18:27:08.0968 2848 [ BA96AB2A659E4FEBF764BA820FD47694 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
18:27:08.0968 2848 SbieDrv - ok
18:27:08.0984 2848 [ 381A725D0CD34C42D0EB059F47FCE713 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
18:27:09.0000 2848 SbieSvc - ok
18:27:09.0062 2848 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:27:09.0062 2848 SCardSvr - ok
18:27:09.0125 2848 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:27:09.0140 2848 Schedule - ok
18:27:09.0156 2848 SDDMI2 - ok
18:27:09.0250 2848 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
18:27:09.0250 2848 SeagateDashboardService - ok
18:27:09.0312 2848 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:27:09.0312 2848 Secdrv - ok
18:27:09.0375 2848 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:27:09.0390 2848 seclogon - ok
18:27:09.0468 2848 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
18:27:09.0500 2848 senfilt - ok
18:27:09.0562 2848 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:27:09.0562 2848 SENS - ok
18:27:09.0625 2848 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:27:09.0625 2848 serenum - ok
18:27:09.0687 2848 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:27:09.0687 2848 Serial - ok
18:27:09.0703 2848 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:27:09.0703 2848 Sfloppy - ok
18:27:09.0781 2848 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:27:09.0781 2848 SharedAccess - ok
18:27:09.0843 2848 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:27:09.0843 2848 ShellHWDetection - ok
18:27:09.0859 2848 Simbad - ok
18:27:09.0921 2848 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:27:09.0921 2848 sisagp - ok
18:27:09.0968 2848 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:27:09.0968 2848 SLIP - ok
18:27:10.0031 2848 [ 479533BACC58B1EDF916855BCD139556 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:27:10.0062 2848 smwdm - ok
18:27:10.0125 2848 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:27:10.0125 2848 Sparrow - ok
18:27:10.0140 2848 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:27:10.0140 2848 splitter - ok
18:27:10.0203 2848 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:27:10.0203 2848 Spooler - ok
18:27:10.0218 2848 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:27:10.0218 2848 sr - ok
18:27:10.0296 2848 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:27:10.0296 2848 srservice - ok
18:27:10.0375 2848 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:27:10.0375 2848 Srv - ok
18:27:10.0437 2848 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:27:10.0437 2848 sscdbhk5 - ok
18:27:10.0468 2848 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:27:10.0468 2848 SSDPSRV - ok
18:27:10.0515 2848 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
18:27:10.0515 2848 ssrtln - ok
18:27:10.0640 2848 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:27:10.0656 2848 stisvc - ok
18:27:10.0718 2848 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:27:10.0734 2848 streamip - ok
18:27:10.0828 2848 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:27:10.0828 2848 swenum - ok
18:27:10.0906 2848 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:27:10.0906 2848 swmidi - ok
18:27:10.0921 2848 SwPrv - ok
18:27:11.0000 2848 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
18:27:11.0000 2848 symc810 - ok
18:27:11.0046 2848 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:27:11.0078 2848 symc8xx - ok
18:27:11.0125 2848 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:27:11.0125 2848 sym_hi - ok
18:27:11.0171 2848 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:27:11.0203 2848 sym_u3 - ok
18:27:11.0281 2848 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:27:11.0281 2848 sysaudio - ok
18:27:11.0375 2848 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:27:11.0406 2848 SysmonLog - ok
18:27:11.0468 2848 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:27:11.0484 2848 TapiSrv - ok
18:27:11.0671 2848 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:27:11.0671 2848 Tcpip - ok
18:27:11.0750 2848 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:27:11.0750 2848 TDPIPE - ok
18:27:11.0796 2848 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:27:11.0796 2848 TDTCP - ok
18:27:11.0875 2848 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:27:11.0875 2848 TermDD - ok
18:27:12.0109 2848 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:27:12.0109 2848 TermService - ok
18:27:12.0296 2848 [ 75B30B9EA32FE7D8BBC332D3B944AD46 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
18:27:12.0328 2848 tfsnboio - ok
18:27:12.0375 2848 [ B811A431B14694D88EB5BEFAA55B4501 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
18:27:12.0375 2848 tfsncofs - ok
18:27:12.0437 2848 [ F5E2CF2144F1FE51DADD6E9063D311EB ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
18:27:12.0453 2848 tfsndrct - ok
18:27:12.0531 2848 [ E32B32045B6B914FD4CAAE8BE6CA7E8A ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
18:27:12.0593 2848 tfsndres - ok
18:27:12.0640 2848 [ 43034B10A94D1C6F13A1A0E848F51226 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
18:27:12.0671 2848 tfsnifs - ok
18:27:12.0718 2848 [ F5EE0FAAFDE37326EA35ACBFA5DEFD3D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
18:27:12.0750 2848 tfsnopio - ok
18:27:12.0828 2848 [ 597348EB65B3E19709E9A45CA2B30B61 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
18:27:12.0859 2848 tfsnpool - ok
18:27:12.0953 2848 [ 767AFFD52432A0F7E7D39F6FF64401F4 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
18:27:12.0984 2848 tfsnudf - ok
18:27:13.0015 2848 [ 2806B2FD00263CCD90CC0638C6139EB0 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
18:27:13.0125 2848 tfsnudfa - ok
18:27:13.0218 2848 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:27:13.0234 2848 Themes - ok
18:27:13.0312 2848 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
18:27:13.0359 2848 TosIde - ok
18:27:13.0437 2848 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:27:13.0468 2848 TrkWks - ok
18:27:13.0515 2848 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\WINDOWS\system32\DRIVERS\gtkdrv.sys
18:27:13.0531 2848 TrojanKillerDriver - ok
18:27:13.0593 2848 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:27:13.0593 2848 Udfs - ok
18:27:13.0656 2848 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
18:27:13.0656 2848 ultra - ok
18:27:13.0718 2848 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:27:13.0718 2848 UMWdf - ok
18:27:13.0796 2848 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:27:13.0796 2848 Update - ok
18:27:13.0859 2848 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:27:13.0859 2848 upnphost - ok
18:27:13.0921 2848 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:27:13.0921 2848 UPS - ok
18:27:13.0984 2848 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
18:27:13.0984 2848 USBAAPL - ok
18:27:14.0093 2848 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:27:14.0093 2848 usbccgp - ok
18:27:14.0156 2848 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:27:14.0156 2848 usbehci - ok
18:27:14.0218 2848 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:27:14.0218 2848 usbhub - ok
18:27:14.0281 2848 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:27:14.0281 2848 usbprint - ok
18:27:14.0312 2848 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:27:14.0312 2848 usbscan - ok
18:27:14.0359 2848 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:27:14.0359 2848 USBSTOR - ok
18:27:14.0390 2848 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:27:14.0390 2848 usbuhci - ok
18:27:14.0453 2848 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:27:14.0453 2848 VgaSave - ok
18:27:14.0484 2848 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:27:14.0484 2848 viaagp - ok
18:27:14.0500 2848 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
18:27:14.0500 2848 ViaIde - ok
18:27:14.0562 2848 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:27:14.0562 2848 VolSnap - ok
18:27:14.0640 2848 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:27:14.0656 2848 VSS - ok
18:27:14.0671 2848 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
18:27:14.0671 2848 w32time - ok
18:27:14.0750 2848 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:27:14.0765 2848 Wanarp - ok
18:27:14.0828 2848 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:27:14.0828 2848 wanatw - ok
18:27:14.0843 2848 WDICA - ok
18:27:14.0890 2848 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:27:14.0890 2848 wdmaud - ok
18:27:14.0953 2848 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:27:14.0953 2848 WebClient - ok
18:27:15.0078 2848 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:27:15.0078 2848 winmgmt - ok
18:27:15.0156 2848 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:27:15.0156 2848 WmdmPmSN - ok
18:27:15.0218 2848 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:27:15.0218 2848 WmiApSrv - ok
18:27:15.0312 2848 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
18:27:15.0312 2848 WsAudio_DeviceS(1) - ok
18:27:15.0375 2848 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
18:27:15.0375 2848 WsAudio_DeviceS(2) - ok
18:27:15.0406 2848 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
18:27:15.0406 2848 WsAudio_DeviceS(3) - ok
18:27:15.0421 2848 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
18:27:15.0421 2848 WsAudio_DeviceS(4) - ok
18:27:15.0453 2848 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
18:27:15.0453 2848 WsAudio_DeviceS(5) - ok
18:27:15.0515 2848 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:27:15.0515 2848 wscsvc - ok
18:27:15.0562 2848 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:27:15.0562 2848 WSTCODEC - ok
18:27:15.0625 2848 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:27:15.0625 2848 wuauserv - ok
18:27:15.0703 2848 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:27:15.0734 2848 WZCSVC - ok
18:27:15.0812 2848 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:27:15.0812 2848 xmlprov - ok
18:27:15.0906 2848 [ F2478FFE3492B486ADBC0F21E3E0B51F ] {09BB444F-B2E2-4009-BAF2-7B727681223E} C:\Program Files\VMLaunch\BuddyVM.sys
18:27:15.0906 2848 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
18:27:15.0937 2848 ================ Scan global ===============================
18:27:15.0968 2848 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:27:16.0031 2848 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
18:27:16.0062 2848 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
18:27:16.0093 2848 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:27:16.0093 2848 [Global] - ok
18:27:16.0093 2848 ================ Scan MBR ==================================
18:27:16.0140 2848 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
18:27:16.0484 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:27:16.0484 2848 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:27:16.0500 2848 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR4
18:27:16.0625 2848 \Device\Harddisk1\DR4 - ok
18:27:16.0625 2848 ================ Scan VBR ==================================
18:27:16.0656 2848 [ 7D85E7CFB900DDEBEC96DC82A60975B8 ] \Device\Harddisk0\DR0\Partition1
18:27:16.0656 2848 \Device\Harddisk0\DR0\Partition1 - ok
18:27:16.0671 2848 [ 4AD33184D89913F432210E230715DD47 ] \Device\Harddisk1\DR4\Partition1
18:27:16.0671 2848 \Device\Harddisk1\DR4\Partition1 - ok
18:27:16.0671 2848 ============================================================
18:27:16.0671 2848 Scan finished
18:27:16.0671 2848 ============================================================
18:27:16.0687 2820 Detected object count: 3
18:27:16.0687 2820 Actual detected object count: 3
18:28:24.0781 2820 HKLM\SYSTEM\ControlSet002\services\92ade5f1 - will be deleted on reboot
18:28:24.0781 2820 HKLM\SYSTEM\ControlSet003\services\92ade5f1 - will be deleted on reboot
18:28:24.0781 2820 HKLM\SYSTEM\ControlSet004\services\92ade5f1 - will be deleted on reboot
18:28:24.0796 2820 C:\WINDOWS\4058361234:1834097166.exe - will be deleted on reboot
18:28:24.0796 2820 92ade5f1 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
18:28:24.0875 2820 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
18:28:26.0796 2820 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
18:28:27.0265 2820 Backup copy found, using it..
18:28:27.0312 2820 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
18:28:27.0359 2820 IPSec ( Virus.Win32.ZAccess.j ) - User select action: Cure
18:28:27.0375 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:28:27.0375 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:29:19.0875 2772 Deinitialize success

#7 boopme

Posted 27 August 2012 - 07:56 PM

After SAS

Please rerun TDSS and change the option on these 2 to Cure or Delete.
18:28:27.0375 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:28:27.0375 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Do you have internet now?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 DELLXPOOPS

Posted 30 August 2012 - 11:47 AM

1-Still no internet, AOL still gives error msg.

2-Does it matter that the objects remain in TDSS quarantine?

#9 boopme

Posted 30 August 2012 - 01:12 PM

Anything in quarantine is safely separated from the rest of your computer; it cannot run from there, so it can do no harm. So the general advice is to put the infected files in quarantine for a while as you go about your normal computer activities. If everything continues to run properly after a reasonable period of time (say, about a week or two), then delete the files in quarantine permanently.


We are going to have to move to see why there is no internet.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#10 DELLXPOOPS

Posted 30 August 2012 - 04:21 PM

OK, I will try these and post.

How can I find out if we have 64-bit?

#11 boopme

Posted 30 August 2012 - 05:22 PM

When you get to step 3 you will see it.

http://www.bleepingcomputer.com/forums/topic372543.html

#12 DELLXPOOPS

Posted 06 September 2012 - 07:09 PM

dds paste...
Okay, here's DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dashel R at 7:45:23 on 2012-09-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.333 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\taskmgr.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1340131474\ee\AOLHostManager.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes\CLSID
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ProgID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes\CLSID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ProgID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes\CLSID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: YouTube.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\windows\system32\5032\components\AcroFF032.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5033
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5032
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2004-10-5 15872]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-10 88736]
S0 44135994;44135994;c:\windows\system32\drivers\68351647.sys --> c:\windows\system32\drivers\68351647.sys [?]
S0 ptnnyj;ptnnyj;c:\windows\system32\drivers\ftljtywn.sys --> c:\windows\system32\drivers\ftljtywn.sys [?]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-8 141792]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-10 56064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-10 314088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-10 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-10 84488]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-7 25704]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackuppro\MemeoBackgroundService.exe [2011-5-4 25824]
.
=============== Created Last 30 ================
.
2012-08-27 00:02:18 -------- d-----w- c:\documents and settings\dashel r\application data\SUPERAntiSpyware.com
2012-08-27 00:01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 00:01:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-26 23:28:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 23:22:14 -------- d-----w- C:\Install iTunes
2012-08-13 23:22:12 -------- d-----w- C:\Install ICQ
2012-08-13 23:22:10 -------- d-----w- C:\AOL Instant Messenger
2012-08-13 23:22:05 -------- d-----w- C:\MAV
2012-08-13 23:20:53 -------- d-----w- c:\program files\America Online 9.0
2012-08-13 22:37:08 -------- d-----w- c:\program files\America Online 9.0a
.
==================== Find3M ====================
.
2012-08-26 23:30:23 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-06-12 01:49:00 11690 -csha-w- c:\windows\system32\KGyGaAvL.sys
2005-11-22 13:23:25 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-06-01 18:14:41 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16:07 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04:26 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47:20 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-12 01:26:59 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-05-04 01:59:07 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
.
============= FINISH: 7:47:14.20 ===============

#13 boopme


Posted 06 September 2012 - 07:31 PM

Thank you, now I need you to follow the rest of the Prep Guide instructions.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#14 DELLXPOOPS


Posted 06 September 2012 - 07:32 PM

I do not see an option to "attach files" ark.txt and attach.txt per the instructions.
Awaiting further instructions.

#15 boopme


Posted 06 September 2012 - 07:43 PM

There is an option to attach on the lower left, below the text entry field.

See step 9 of the guide:
http://www.bleepingcomputer.com/forums/topic34773.html

If it is still an issue then try to just copy/paste.



