dell xp sp3 aol "cannot find internet"


  • This topic is locked
16 replies to this topic

#1 DELLXPOOPS

DELLXPOOPS

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 06 September 2012 - 07:39 PM

posting ark.txt & attach.txt files

Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 PM

Posted 09 September 2012 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download this tool to a CD or flash drive and copy the file to the Desktop of the compromised computer.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===

Use the same method to download and run this tool.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

#4 DELLXPOOPS

DELLXPOOPS
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 13 September 2012 - 06:58 PM

Hi, thanks for helping.
Here is the DDS paste...



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dashel R at 7:45:23 on 2012-09-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.333 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\taskmgr.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1340131474\ee\AOLHostManager.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes\CLSID
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ProgID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes\CLSID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ProgID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes\CLSID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: YouTube.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\windows\system32\5032\components\AcroFF032.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5033
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5032
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2004-10-5 15872]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-10 88736]
S0 44135994;44135994;c:\windows\system32\drivers\68351647.sys --> c:\windows\system32\drivers\68351647.sys [?]
S0 ptnnyj;ptnnyj;c:\windows\system32\drivers\ftljtywn.sys --> c:\windows\system32\drivers\ftljtywn.sys [?]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-8 141792]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-10 56064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-10 314088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-10 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-10 84488]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-7 25704]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 135664]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackuppro\MemeoBackgroundService.exe [2011-5-4 25824]
.
=============== Created Last 30 ================
.
2012-08-27 00:02:18 -------- d-----w- c:\documents and settings\dashel r\application data\SUPERAntiSpyware.com
2012-08-27 00:01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 00:01:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-26 23:28:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 23:22:14 -------- d-----w- C:\Install iTunes
2012-08-13 23:22:12 -------- d-----w- C:\Install ICQ
2012-08-13 23:22:10 -------- d-----w- C:\AOL Instant Messenger
2012-08-13 23:22:05 -------- d-----w- C:\MAV
2012-08-13 23:20:53 -------- d-----w- c:\program files\America Online 9.0
2012-08-13 22:37:08 -------- d-----w- c:\program files\America Online 9.0a
.
==================== Find3M ====================
.
2012-08-26 23:30:23 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-06-12 01:49:00 11690 -csha-w- c:\windows\system32\KGyGaAvL.sys
2005-11-22 13:23:25 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-06-01 18:14:41 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16:07 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04:26 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47:20 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-12 01:26:59 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-05-04 01:59:07 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
.
============= FINISH: 7:47:14.20 ===============

I WILL ADD THE OTHERS LATER.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 PM

Posted 14 September 2012 - 07:52 AM

Open Firefox menu > Tools > Add ons
In the Extensions and Plugins tabs, delete these culprits in bold.

FF - component: c:\windows\system32\5032\components\AcroFF032.dll
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5033

Delete these folders in bold.
c:\windows\system32\5032\
c:\windows\system32\5033\

Restart the computer normally.

====

If your Internet is not working please download and run the Farbar Service Scanner I previously requested.
===

Now or later I will need to see a log from this ComboFix tool.
You may be able to restart the computer in Safe Mode with an internet connection. If you can please download the tool and run it in Safe Mode.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
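Added example, not one of the tools used in this thread and not written by anyone posting here: a small Python triage script that applies, mechanically, the eye-test nasdaq uses in #5 on the DDS log pasted in #4. The sample text is an excerpt copied from that log; the three checks it runs (a registered driver whose file is not on disk, a numeric or vowel-less name, a Firefox component or extension loaded from under the Windows system directory) are this example's own heuristics, meant to surface lines for a human to look at rather than to pass a verdict. Note that it also flags the missing McAfee driver, which is a real finding in the log but a very different kind of problem from the two boot-start drivers.

```python
"""Triage helper for DDS-style log text (added example; not part of DDS, FSS
or ComboFix). Heuristics are the example's own; treat hits as prompts to
investigate, not as a clean/dirty verdict."""
import re

# Excerpt constructed from the DDS log posted in #4 (SERVICES / DRIVERS and FIREFOX sections).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2004-10-5 15872]
S0 44135994;44135994;c:\windows\system32\drivers\68351647.sys --> c:\windows\system32\drivers\68351647.sys [?]
S0 ptnnyj;ptnnyj;c:\windows\system32\drivers\ftljtywn.sys --> c:\windows\system32\drivers\ftljtywn.sys [?]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
.
================= FIREFOX ===================
.
FF - component: c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\windows\system32\5032\components\AcroFF032.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5033
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
"""

# DDS service line: "<state> <name>;<description>;<path> [<date> <size>]"; when the
# file cannot be found DDS prints "<path> --> <path> [?]" instead of date and size.
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
FF_RE = re.compile(r"^FF - (component|plugin|Ext):\s*(.*)$")
VOWELS = set("aeiouAEIOU")


def looks_random(name):
    """A purely numeric name, or 5+ letters with no vowel at all, is the sort of
    name a generator produces rather than a vendor. Heuristic only."""
    if name.isdigit():
        return True
    return name.isalpha() and len(name) >= 5 and not (set(name) & VOWELS)


def parse_service(line):
    """Split one SERVICES / DRIVERS line into its fields, or return None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, desc, rest = m.groups()
    missing = rest.rstrip().endswith("[?]")
    path = rest.split("-->")[-1] if "-->" in rest else rest
    path = path.split(" [")[0].strip().strip('"')
    return {"state": state, "name": name, "desc": desc, "path": path, "missing": missing}


def triage(text):
    """Return a list of findings, each {"kind", "name", "path", "reasons"}, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            stem = svc["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            reasons = []
            if svc["missing"]:
                reasons.append("registered driver/service whose file is not on disk")
            if looks_random(svc["name"]) or looks_random(stem):
                reasons.append("meaningless (numeric or vowel-less) name")
            if reasons:
                if svc["state"][1] == "0":  # group 0 loads at boot, before most defences
                    reasons.append("boot-start driver")
                findings.append({"kind": "service", "name": svc["name"],
                                 "path": svc["path"], "reasons": reasons})
            continue
        ff = FF_RE.match(line)
        if ff:
            kind, rest = ff.groups()
            parts = rest.split(" - ")
            path = parts[-1].strip()
            # Firefox code belongs in the program directory or the user profile,
            # not under the Windows system directory.
            if "\\windows\\system32\\" in path.lower():
                name = parts[0].strip() if kind == "Ext" else path.rsplit("\\", 1)[-1]
                findings.append({"kind": "firefox-" + kind, "name": name, "path": path,
                                 "reasons": ["Firefox add-on loaded from the Windows system directory"]})
    return findings


def report(findings):
    """Render findings as the kind of list a helper would paste back into a reply."""
    return [f"{f['kind']}: {f['name']} ({f['path']}) - {'; '.join(f['reasons'])}"
            for f in findings]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_DDS)):
        print(line)
```

Run against the excerpt it lists the two S0 drivers (missing file, numeric or vowel-less name, boot-start), the missing McAfee mfetdi2k driver, and the two Firefox entries under c:\windows\system32\5032 and \5033 that nasdaq asks to remove in #5; everything else in the excerpt passes silently. Feed it the full DDS.txt and the same five lines come out.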

#6 DELLXPOOPS

DELLXPOOPS
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 14 September 2012 - 06:57 PM

POSTING..Here they are:

Farbar Service Scanner Version: 06-08-2012
Ran by Dashel R (administrator) on 14-09-2012 at 07:00:20
Running from "E:\FARBAR"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk32.tmp".


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dashel R at 7:03:24 on 2012-09-14
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
E:\dds\dds.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1340131474\ee\AOLHostManager.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\SOFTWARE\Classes\CLSID
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ProgID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\SOFTWARE\Classes\CLSID
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ProgID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\SOFTWARE\Classes\CLSID
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: YouTube.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\windows\system32\5032\components\AcroFF032.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5033
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5032
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R? 44135994;44135994
R? CCCP106;CIF USB Camera (2110A)
R? cfwids;McAfee Inc. cfwids
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? MemeoBackgroundService;MemeoBackgroundService
R? mfeavfk06;McAfee Inc.
R? mfebopk26;McAfee Inc.
R? mfefire;McAfee Firewall Core Service
R? mfefirek;McAfee Inc. mfefirek
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mfetdi2k;McAfee Inc. mfetdi2k
R? mfevtp;McAfee Validation Trust Protection Service
R? ptnnyj;ptnnyj
R? SbieDrv;SbieDrv
R? SeagateDashboardService;Seagate Dashboard Service
R? TrojanKillerDriver;GridinSoft Trojan Killer Driver
R? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
R? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
R? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
R? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
R? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
S? !SASCORE;SAS Core Service
S? {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM
S? mfendiskmp;mfendiskmp
S? MpFilter;Microsoft Malware Protection Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2012-08-27 00:02:18 -------- d-----w- c:\documents and settings\dashel r\application data\SUPERAntiSpyware.com
2012-08-27 00:01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 00:01:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-26 23:28:24 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-08-26 23:30:23 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2005-11-22 13:23:25 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-06-01 18:14:41 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16:07 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04:26 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47:20 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-12 01:26:59 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-05-04 01:59:07 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
.
============= FINISH: 7:05:24.32 ===============

#7 nasdaq (Malware Response Team)

Posted 15 September 2012 - 07:12 AM

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk32.tmp".

The tsk32.tmp file is not normal. We have to look further into this.


Please download TDSSKiller.zip.

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

#8 DELLXPOOPS (Topic Starter)

Posted 17 September 2012 - 04:50 PM

POSTING..


Here they are:

Farbar Service Scanner Version: 06-08-2012
Ran by Dashel R (administrator) on 16-09-2012 at 20:13:02
Running from "E:\FARBAR"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk32.tmp".


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


ComboFix 12-09-14.03 - Dashel R 09/16/2012 21:31:09.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.374 [GMT -5:00]
Running from: e:\combofix\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\C.O\WINDOWS
c:\documents and settings\Dashel R\WINDOWS
c:\windows\EventSystem.log
c:\windows\system32\kock
c:\windows\system32\kock\9SIFRU48.txt
c:\windows\system32\kock\carlos olguin@action.mathtag[1].txt
c:\windows\system32\kock\carlos olguin@quantserve[1].txt
c:\windows\system32\kock\carlos_olguin@a1.interclick[2].txt
c:\windows\system32\kock\carlos_olguin@abmr[1].txt
c:\windows\system32\kock\carlos_olguin@interclick[2].txt
c:\windows\system32\kock\carlos_olguin@turn[2].txt
c:\windows\system32\kock\dashel_r@a1.interclick[1].txt
c:\windows\system32\kock\dashel_r@abmr[1].txt
c:\windows\system32\kock\dashel_r@abmr[2].txt
c:\windows\system32\kock\dashel_r@abmr[3].txt
c:\windows\system32\kock\dashel_r@abmr[4].txt
c:\windows\system32\kock\dashel_r@admonkey.dapper[1].txt
c:\windows\system32\kock\dashel_r@bankofamerica[1].txt
c:\windows\system32\kock\dashel_r@bills.bankofamerica[1].txt
c:\windows\system32\kock\dashel_r@chat.bankofamerica[2].txt
c:\windows\system32\kock\dashel_r@chat.bankofamerica[3].txt
c:\windows\system32\kock\dashel_r@eyereturn[2].txt
c:\windows\system32\kock\dashel_r@imdb[1].txt
c:\windows\system32\kock\dashel_r@interclick[2].txt
c:\windows\system32\kock\dashel_r@onlineeast1.bankofamerica[1].txt
c:\windows\system32\kock\dashel_r@onlineeast2.bankofamerica[2].txt
c:\windows\system32\kock\dashel_r@onlineeast3.bankofamerica[1].txt
c:\windows\system32\kock\dashel_r@quantserve[1].txt
c:\windows\system32\kock\dashel_r@quantserve[2].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[1].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[10].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[2].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[3].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[4].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[5].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[6].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[7].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[8].txt
c:\windows\system32\kock\dashel_r@scorecardresearch[9].txt
c:\windows\system32\kock\dashel_r@sharethis[2].txt
c:\windows\system32\kock\dashel_r@sitekey.bankofamerica[2].txt
c:\windows\system32\kock\dashel_r@www.imdb[2].txt
c:\windows\system32\kock\system@ads.undertone[2].txt
c:\windows\system32\kock\system@quantserve[1].txt
c:\windows\system32\kock\system@scorecardresearch[1].txt
c:\windows\system32\kock\system@undertone[1].txt
c:\windows\system32\nse1A2.tmp
c:\windows\system32\nseA9E.tmp
c:\windows\system32\nsj1A3.tmp
c:\windows\system32\nsn19D.tmp
c:\windows\system32\nss19C.tmp
c:\windows\system32\nsuA9C.tmp
c:\windows\system32\roboot.exe
c:\windows\system32\setb5.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\As_UAs001.dat
c:\windows\system32\UAs\iexplore.exe_UAs001.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\FUSION.DLL
c:\windows\system32\URTTemp\MSCOREE.DLL
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\MSCORSN.DLL
c:\windows\system32\URTTemp\MSCORWKS.DLL
c:\windows\system32\URTTemp\MSVCR71.DLL
c:\windows\system32\URTTemp\REGTLIB.EXE
c:\windows\system32\xmldm
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-08-27 00:02 . 2012-08-27 00:02 -------- d-----w- c:\documents and settings\Dashel R\Application Data\SUPERAntiSpyware.com
2012-08-27 00:01 . 2012-09-01 23:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 00:01 . 2012-08-27 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-26 23:28 . 2012-08-26 23:28 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 23:30 . 2004-08-04 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2005-11-22 13:23 . 2005-11-22 10:18 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-06-01 18:14 . 2005-06-01 18:09 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16 . 2005-05-20 09:15 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04 . 2005-05-14 23:58 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47 . 2005-05-12 21:47 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-12 01:26 . 2005-05-12 01:26 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-05-04 01:59 . 2005-05-04 01:36 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08 . 2004-12-30 20:08 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
2011-04-14 19:01 . 2011-05-31 01:06 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2004-11-19 50776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"HostManager"="c:\program files\Common Files\AOL\1340131474\ee\AOLHostManager.exe" [2005-07-29 159832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dashel R^Start Menu^Programs^Startup^Seagate NA05YTFH Product Registration.lnk]
path=c:\documents and settings\Dashel R\Start Menu\Programs\Startup\Seagate NA05YTFH Product Registration.lnk
backup=c:\windows\pss\Seagate NA05YTFH Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]
2005-04-06 17:14 163840 ----a-w- c:\program files\F-Group\Absolute StartUp\ASMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2004-11-19 17:54 50776 ----a-w- c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 14:40 34904 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-06-18 15:30 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09 167936 ---ha-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-07-29 16:53 159832 ----a-w- c:\program files\Common Files\AOL\1340131474\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-04 23:40 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2011-05-04 21:16 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-02-06 12:24 451856 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2004-09-09 23:35 1597440 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SbieSvc"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Nes_Snes\\zsnesw.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 44135994;44135994;c:\windows\system32\drivers\68351647.sys [x]
R0 ptnnyj;ptnnyj;c:\windows\System32\drivers\ftljtywn.sys [x]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mfeavfk06;McAfee Inc.;Device\mfeavfk06.sys [x]
R3 mfebopk26;McAfee Inc.;Device\mfebopk26.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: YouTube.com
FF - ProfilePath - c:\documents and settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14729783.sys
SafeBoot-36095612.sys
SafeBoot-44135994.sys
SafeBoot-53194947.sys
MSConfigStartUp-AROReminder - c:\program files\ARO 2012\ARO.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Memeo Instant Backup - c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-TaxACT 2009 - c:\2ndsto~1\TAXACT~1\Unta09.exe
AddRemove-TaxACT 2009 California - c:\2ndsto~1\TAXACT~1\UnStTax.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(400)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-09-16 22:01:55
ComboFix-quarantined-files.txt 2012-09-17 03:01
.
Pre-Run: 32,109,297,664 bytes free
Post-Run: 32,766,996,480 bytes free
.
- - End Of File - - 563C2A587CA3BF893D26C23E2BC273DF
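As an added example (not code from the thread, from Farbar, or from ComboFix), the Python below does the reading nasdaq did by hand on the FSS.txt above: it flags a service whose ImagePath the scanner quoted instead of marking OK (IpSec pointing at system32\drivers\tsk32.tmp), a start type that differs from its default (cryptsvc), the EnableFirewall=0 policy, and any File Check line without the "MD5 is legit" verdict, and it decodes the Extra List hex as a GroupOrderList value (a DWORD count followed by tag values) to show the TDI load order. The sample log is an excerpt of the one posted above; the expected-driver table, the reading of the hex as the PNP_TDI GroupOrderList, and the severities are this example's own assumptions.

```python
"""Triage helper for Farbar Service Scanner (FSS) output.
Added example for this thread, not part of the Farbar tool or of any post above. It reads an
FSS.txt and returns what a responder acts on first: an ImagePath the scanner quoted instead of
marking OK (IpSec -> tsk32.tmp above), a start type changed from its default, the firewall-off
policy, File Check lines lacking "MD5 is legit", and the decoded load order behind the Extra List hex.
"""
import re

# Sample input: lines copied from the FSS log in the post above, trimmed to the sections read here.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk32.tmp".

Firewall Disabled Policy:
==================
"EnableFirewall"=DWORD:0

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.

File Check:
========
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
"""

# Driver a stock Windows XP ImagePath ends with (assumed defaults, not taken from the thread).
EXPECTED_BINARY = {"ipsec": "ipsec.sys", "tcpip": "tcpip.sys", "netbt": "netbt.sys", "afd": "afd.sys"}

RE_SECTION = re.compile(r"^[A-Za-z ]+:$")
RE_NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
# FSS prints "... of X service is OK." on a baseline match and quotes the literal path otherwise.
RE_IMAGEPATH = re.compile(r'^The (ImagePath|ServiceDll) of (\w+): "(.+)"\.$')
RE_STARTTYPE = re.compile(r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.$")
RE_EXTRA_TAGS = re.compile(r"(\w+)\((\d+)\)")


def decode_group_order(hex_value):
    """Decode a GroupOrderList blob: a little-endian DWORD count followed by the tag values."""
    data = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    dwords = [int.from_bytes(data[i:i + 4], "little") for i in range(0, len(data), 4)]
    if not dwords or dwords[0] != len(dwords) - 1:
        raise ValueError("GroupOrderList count does not match the number of tags")
    return dwords[1:]


def analyze_fss(log_text):
    """Return findings as dicts with keys severity, item, detail."""
    findings, section, tag_names = [], None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        img, start = RE_IMAGEPATH.match(line), RE_STARTTYPE.match(line)
        if RE_SECTION.match(line):
            section = line[:-1]
        elif img:
            kind, svc, path = img.groups()
            detail = f'{kind} is "{path}"'
            expected = EXPECTED_BINARY.get(svc.lower())
            if expected and not path.lower().endswith(expected):
                detail += f" (stock XP path ends in {expected})"
            findings.append({"severity": "high", "item": svc, "detail": detail})
        elif start:
            svc, actual, default = start.groups()
            findings.append({"severity": "medium", "item": svc, "detail": f"start type is {actual}, default is {default}"})
        elif line == '"EnableFirewall"=DWORD:0':  # normal when a third-party firewall owns the profile; confirm it runs
            findings.append({"severity": "low", "item": "SharedAccess", "detail": "Windows Firewall off by policy"})
        elif section == "File Check" and " => " in line:
            path, verdict = line.split(" => ", 1)
            if verdict != "MD5 is legit":
                findings.append({"severity": "high", "item": path, "detail": verdict})
        elif section == "Extra List" and line.startswith("0x"):  # read as the PNP_TDI GroupOrderList (assumption)
            names = [tag_names.get(t, f"tag{t}") for t in decode_group_order(line)]
            findings.append({"severity": "info", "item": "PNP_TDI", "detail": "load order: " + " > ".join(names)})
        elif section == "Extra List":  # the "Svc(tag)" line maps tag numbers back to service names
            tag_names.update({int(n): s for s, n in RE_EXTRA_TAGS.findall(line)})
        elif RE_NOT_RUNNING.match(line):
            findings.append({"severity": "info", "item": line.split()[0], "detail": "service not running"})
    return findings


if __name__ == "__main__":
    print(*analyze_fss(SAMPLE_FSS_LOG), sep="\n")
```

Run it against a saved FSS.txt by replacing SAMPLE_FSS_LOG with the file's contents. A clean log yields only "service not running" entries when the machine is offline; in this thread the single high finding is the IpSec driver path, which is the entry nasdaq asked to look further into, and the decoded order shows IpSec (tag 4) loading first in the TDI group, ahead of Tcpip.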



#9 Guest_dell xp oops 2_* (Guest)

Posted 17 September 2012 - 11:36 PM

UPDATE: I made this account to inform that my internet is now working again.

Here are the Farbar and ComboFix scans again, and I will have the TDSS and avast shortly.


Farbar Service Scanner Version: 06-08-2012
Ran by Dashel R (administrator) on 16-09-2012 at 20:13:02
Running from "E:\FARBAR"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk32.tmp".


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2012 - 06:39 AM

Please post the logs requested in post no. 7.

#11 Guest_dell xp oops 2_*

Guest_dell xp oops 2_*

  • Guests
  • OFFLINE

Posted 18 September 2012 - 09:52 AM

Thank you for helping me get my internet to work. TDSS didn't find anything, but here's the log:

21:54:37.0578 3728 Cpqarray - ok
21:54:37.0671 3728 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:54:37.0687 3728 CryptSvc - ok
21:54:37.0765 3728 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:54:37.0828 3728 dac2w2k - ok
21:54:37.0890 3728 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:54:37.0906 3728 dac960nt - ok
21:54:38.0109 3728 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:54:38.0250 3728 DcomLaunch - ok
21:54:38.0375 3728 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:54:38.0390 3728 Dhcp - ok
21:54:38.0500 3728 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:54:38.0500 3728 Disk - ok
21:54:38.0515 3728 dlbt_device - ok
21:54:38.0531 3728 dmadmin - ok
21:54:38.0875 3728 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:54:39.0187 3728 dmboot - ok
21:54:39.0265 3728 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:54:39.0328 3728 dmio - ok
21:54:39.0375 3728 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:54:39.0375 3728 dmload - ok
21:54:39.0437 3728 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:54:39.0453 3728 dmserver - ok
21:54:39.0515 3728 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:54:39.0531 3728 DMusic - ok
21:54:39.0609 3728 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:54:39.0625 3728 Dnscache - ok
21:54:39.0734 3728 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:54:39.0781 3728 Dot3svc - ok
21:54:39.0828 3728 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:54:39.0843 3728 dpti2o - ok
21:54:39.0906 3728 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:54:39.0906 3728 drmkaud - ok
21:54:39.0953 3728 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
21:54:39.0984 3728 drvmcdb - ok
21:54:40.0062 3728 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
21:54:40.0078 3728 drvnddm - ok
21:54:40.0234 3728 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
21:54:40.0281 3728 DSBrokerService - ok
21:54:40.0406 3728 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:54:40.0406 3728 DSproct - ok
21:54:40.0484 3728 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
21:54:40.0484 3728 dsunidrv - ok
21:54:40.0609 3728 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:54:40.0671 3728 E100B - ok
21:54:40.0734 3728 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:54:40.0750 3728 EapHost - ok
21:54:40.0812 3728 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:54:40.0828 3728 ERSvc - ok
21:54:40.0921 3728 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:54:40.0968 3728 Eventlog - ok
21:54:41.0109 3728 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:54:41.0203 3728 EventSystem - ok
21:54:41.0328 3728 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:54:41.0375 3728 Fastfat - ok
21:54:41.0484 3728 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:54:41.0531 3728 FastUserSwitchingCompatibility - ok
21:54:41.0687 3728 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:54:41.0781 3728 Fax - ok
21:54:41.0843 3728 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:54:41.0859 3728 Fdc - ok
21:54:41.0921 3728 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:54:41.0937 3728 Fips - ok
21:54:41.0968 3728 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:54:41.0968 3728 Flpydisk - ok
21:54:42.0078 3728 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:54:42.0125 3728 FltMgr - ok
21:54:42.0140 3728 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:54:42.0140 3728 Fs_Rec - ok
21:54:42.0203 3728 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:54:42.0250 3728 Ftdisk - ok
21:54:42.0312 3728 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:54:42.0328 3728 GEARAspiWDM - ok
21:54:42.0406 3728 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:54:42.0406 3728 Gpc - ok
21:54:42.0500 3728 gupdate - ok
21:54:42.0500 3728 gupdatem - ok
21:54:42.0609 3728 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:42.0656 3728 gusvc - ok
21:54:42.0796 3728 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:54:42.0796 3728 helpsvc - ok
21:54:42.0812 3728 HidServ - ok
21:54:42.0875 3728 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:54:42.0875 3728 HidUsb - ok
21:54:42.0953 3728 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:54:42.0984 3728 hkmsvc - ok
21:54:43.0031 3728 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:54:43.0031 3728 hpn - ok
21:54:43.0187 3728 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:54:43.0281 3728 HTTP - ok
21:54:43.0375 3728 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:54:43.0406 3728 HTTPFilter - ok
21:54:43.0453 3728 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:54:43.0453 3728 i2omgmt - ok
21:54:43.0531 3728 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:54:43.0531 3728 i2omp - ok
21:54:43.0609 3728 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:54:43.0625 3728 i8042prt - ok
21:54:44.0187 3728 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:54:44.0734 3728 ialm - ok
21:54:44.0906 3728 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:54:44.0921 3728 IDriverT - ok
21:54:45.0000 3728 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:54:45.0015 3728 Imapi - ok
21:54:45.0125 3728 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:54:45.0171 3728 ImapiService - ok
21:54:45.0218 3728 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:54:45.0218 3728 ini910u - ok
21:54:45.0781 3728 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:54:46.0218 3728 IntelC51 - ok
21:54:46.0531 3728 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:54:46.0796 3728 IntelC52 - ok
21:54:46.0828 3728 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:54:46.0859 3728 IntelC53 - ok
21:54:46.0906 3728 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:54:46.0921 3728 IntelIde - ok
21:54:46.0937 3728 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:54:46.0953 3728 intelppm - ok
21:54:47.0031 3728 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:54:47.0046 3728 Ip6Fw - ok
21:54:47.0109 3728 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:54:47.0125 3728 IpFilterDriver - ok
21:54:47.0187 3728 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:54:47.0203 3728 IpInIp - ok
21:54:47.0296 3728 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:54:47.0343 3728 IpNat - ok
21:54:47.0687 3728 [ 7A3611564FCE7C8BE50B03F58CB3EB7D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:54:47.0921 3728 iPod Service - ok
21:54:48.0000 3728 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:54:48.0031 3728 IPSec - ok
21:54:48.0078 3728 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:54:48.0093 3728 IRENUM - ok
21:54:48.0171 3728 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:54:48.0187 3728 isapnp - ok
21:54:48.0359 3728 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:54:48.0421 3728 JavaQuickStarterService - ok
21:54:48.0484 3728 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:54:48.0500 3728 Kbdclass - ok
21:54:48.0609 3728 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:54:48.0671 3728 kmixer - ok
21:54:48.0765 3728 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:54:48.0781 3728 KSecDD - ok
21:54:48.0875 3728 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:54:48.0921 3728 lanmanserver - ok
21:54:49.0015 3728 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:54:49.0062 3728 lanmanworkstation - ok
21:54:49.0062 3728 lbrtfdc - ok
21:54:49.0140 3728 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:54:49.0140 3728 LmHosts - ok
21:54:49.0312 3728 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
21:54:49.0390 3728 McComponentHostService - ok
21:54:49.0421 3728 McMPFSvc - ok
21:54:49.0437 3728 McNaiAnn - ok
21:54:49.0562 3728 [ F5ABA900F679A710F871B68D4B0F6B27 ] MemeoBackgroundService C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
21:54:49.0578 3728 MemeoBackgroundService - ok
21:54:49.0703 3728 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:54:49.0703 3728 Messenger - ok
21:54:49.0812 3728 [ 113445FC6A858EF453CDED5B0A0DF665 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
21:54:49.0843 3728 mfeapfk - ok
21:54:49.0859 3728 mfeavfk06 - ok
21:54:49.0875 3728 mfebopk26 - ok
21:54:49.0875 3728 mfefire - ok
21:54:50.0062 3728 [ C7DA1B8003C89ACEDAA13768F7A1C622 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
21:54:50.0156 3728 mfefirek - ok
21:54:50.0250 3728 [ B1728195877B18CE63CF0CD00B2871EB ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:54:50.0281 3728 mfendisk - ok
21:54:50.0328 3728 [ B1728195877B18CE63CF0CD00B2871EB ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:54:50.0343 3728 mfendiskmp - ok
21:54:50.0453 3728 [ CE1711F7C3F72F6762ABD241DCFD5EE1 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
21:54:50.0500 3728 mferkdet - ok
21:54:50.0515 3728 mfetdi2k - ok
21:54:50.0625 3728 [ 822BD7B6A2214EF6DB595579B583A4D3 ] mfevtp C:\WINDOWS\system32\mfevtps.exe
21:54:50.0671 3728 mfevtp - ok
21:54:50.0718 3728 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:54:50.0734 3728 mnmdd - ok
21:54:50.0796 3728 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:54:50.0812 3728 mnmsrvc - ok
21:54:50.0875 3728 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:54:50.0890 3728 Modem - ok
21:54:50.0968 3728 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:54:50.0968 3728 MODEMCSA - ok
21:54:51.0000 3728 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:54:51.0015 3728 mohfilt - ok
21:54:51.0078 3728 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:54:51.0078 3728 Mouclass - ok
21:54:51.0125 3728 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:54:51.0125 3728 mouhid - ok
21:54:51.0187 3728 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:54:51.0203 3728 MountMgr - ok
21:54:51.0312 3728 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:54:51.0375 3728 MpFilter - ok
21:54:51.0515 3728 [ 1AAE79A4176A957BF2BB679812F04655 ] MR97310_USB_DUAL_CAMERA C:\WINDOWS\system32\DRIVERS\mr97310c.sys
21:54:51.0562 3728 MR97310_USB_DUAL_CAMERA - ok
21:54:51.0609 3728 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:54:51.0625 3728 mraid35x - ok
21:54:51.0703 3728 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:54:51.0781 3728 MRxDAV - ok
21:54:52.0000 3728 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:54:52.0156 3728 MRxSmb - ok
21:54:52.0218 3728 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:54:52.0234 3728 MSDTC - ok
21:54:52.0250 3728 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:54:52.0265 3728 Msfs - ok
21:54:52.0265 3728 MSIServer - ok
21:54:52.0328 3728 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:54:52.0343 3728 MSKSSRV - ok
21:54:52.0390 3728 MsMpSvc - ok
21:54:52.0468 3728 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:54:52.0468 3728 MSPCLOCK - ok
21:54:52.0531 3728 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:54:52.0531 3728 MSPQM - ok
21:54:52.0593 3728 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:54:52.0609 3728 mssmbios - ok
21:54:52.0656 3728 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:54:52.0671 3728 MSTEE - ok
21:54:52.0765 3728 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:54:52.0796 3728 Mup - ok
21:54:52.0875 3728 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:54:52.0906 3728 NABTSFEC - ok
21:54:53.0109 3728 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:54:53.0203 3728 napagent - ok
21:54:53.0296 3728 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:54:53.0359 3728 NDIS - ok
21:54:53.0406 3728 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:54:53.0421 3728 NdisIP - ok
21:54:53.0531 3728 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:54:53.0531 3728 NdisTapi - ok
21:54:53.0593 3728 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:54:53.0609 3728 Ndisuio - ok
21:54:53.0656 3728 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:54:53.0687 3728 NdisWan - ok
21:54:53.0765 3728 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:54:53.0781 3728 NDProxy - ok
21:54:53.0859 3728 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:54:53.0875 3728 NetBIOS - ok
21:54:53.0953 3728 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:54:54.0000 3728 NetBT - ok
21:54:54.0109 3728 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:54:54.0140 3728 NetDDE - ok
21:54:54.0187 3728 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:54:54.0187 3728 NetDDEdsdm - ok
21:54:54.0265 3728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:54:54.0265 3728 Netlogon - ok
21:54:54.0390 3728 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:54:54.0453 3728 Netman - ok
21:54:54.0609 3728 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
21:54:54.0671 3728 NetSvc - ok
21:54:54.0796 3728 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:54:54.0859 3728 Nla - ok
21:54:54.0921 3728 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:54:54.0937 3728 Npfs - ok
21:54:55.0171 3728 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:54:55.0359 3728 Ntfs - ok
21:54:55.0421 3728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:54:55.0421 3728 NtLmSsp - ok
21:54:55.0671 3728 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:54:55.0828 3728 NtmsSvc - ok
21:54:55.0875 3728 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:54:55.0890 3728 Null - ok
21:54:56.0687 3728 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:54:57.0375 3728 nv - ok
21:54:57.0468 3728 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:54:57.0484 3728 NwlnkFlt - ok
21:54:57.0531 3728 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:54:57.0546 3728 NwlnkFwd - ok
21:54:57.0609 3728 [ F5CF06754AE54D9D3353FC9C59BC4E04 ] papycpu2 C:\WINDOWS\System32\DRIVERS\papycpu2.sys
21:54:57.0609 3728 papycpu2 - ok
21:54:57.0640 3728 [ B09A71E8E1E127455F3A2FE83D38851F ] papyjoy C:\WINDOWS\System32\DRIVERS\papyjoy.sys
21:54:57.0640 3728 papyjoy - ok
21:54:57.0718 3728 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:54:57.0750 3728 Parport - ok
21:54:57.0812 3728 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:54:57.0828 3728 PartMgr - ok
21:54:57.0890 3728 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:54:57.0890 3728 ParVdm - ok
21:54:57.0984 3728 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:54:58.0015 3728 PCI - ok
21:54:58.0015 3728 PCIDump - ok
21:54:58.0062 3728 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:54:58.0062 3728 PCIIde - ok
21:54:58.0140 3728 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:54:58.0171 3728 Pcmcia - ok
21:54:58.0187 3728 PDCOMP - ok
21:54:58.0203 3728 PDFRAME - ok
21:54:58.0218 3728 PDRELI - ok
21:54:58.0218 3728 PDRFRAME - ok
21:54:58.0296 3728 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:54:58.0296 3728 perc2 - ok
21:54:58.0359 3728 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:54:58.0359 3728 perc2hib - ok
21:54:58.0453 3728 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:54:58.0453 3728 PlugPlay - ok
21:54:58.0531 3728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:54:58.0531 3728 PolicyAgent - ok
21:54:58.0609 3728 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:54:58.0625 3728 PptpMiniport - ok
21:54:58.0640 3728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:54:58.0640 3728 ProtectedStorage - ok
21:54:58.0734 3728 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:54:58.0765 3728 PSched - ok
21:54:58.0828 3728 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:54:58.0828 3728 Ptilink - ok
21:54:58.0843 3728 ptnnyj - ok
21:54:58.0921 3728 [ DB3B30C3A4CDCF07E164C14584D9D0F2 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:54:58.0937 3728 PxHelp20 - ok
21:54:58.0968 3728 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:54:58.0968 3728 ql1080 - ok
21:54:59.0046 3728 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:54:59.0062 3728 Ql10wnt - ok
21:54:59.0140 3728 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:54:59.0156 3728 ql12160 - ok
21:54:59.0203 3728 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:54:59.0218 3728 ql1240 - ok
21:54:59.0250 3728 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:54:59.0265 3728 ql1280 - ok
21:54:59.0296 3728 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:54:59.0296 3728 RasAcd - ok
21:54:59.0390 3728 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:54:59.0406 3728 RasAuto - ok
21:54:59.0500 3728 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:54:59.0531 3728 Rasl2tp - ok
21:54:59.0640 3728 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:54:59.0703 3728 RasMan - ok
21:54:59.0765 3728 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:54:59.0781 3728 RasPppoe - ok
21:54:59.0796 3728 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:54:59.0812 3728 Raspti - ok
21:54:59.0921 3728 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:54:59.0984 3728 Rdbss - ok
21:55:00.0000 3728 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:55:00.0000 3728 RDPCDD - ok
21:55:00.0109 3728 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:55:00.0187 3728 rdpdr - ok
21:55:00.0296 3728 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:55:00.0343 3728 RDPWD - ok
21:55:00.0468 3728 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:55:00.0531 3728 RDSessMgr - ok
21:55:00.0609 3728 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:55:00.0640 3728 redbook - ok
21:55:00.0703 3728 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:55:00.0718 3728 RemoteAccess - ok
21:55:00.0812 3728 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:55:00.0843 3728 RpcLocator - ok
21:55:01.0046 3728 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:55:01.0046 3728 RpcSs - ok
21:55:01.0171 3728 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:55:01.0218 3728 RSVP - ok
21:55:01.0234 3728 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:55:01.0234 3728 SamSs - ok
21:55:01.0281 3728 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:55:01.0296 3728 SASDIFSV - ok
21:55:01.0375 3728 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:55:01.0390 3728 SASKUTIL - ok
21:55:01.0531 3728 [ BA96AB2A659E4FEBF764BA820FD47694 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
21:55:01.0578 3728 SbieDrv - ok
21:55:01.0640 3728 [ 381A725D0CD34C42D0EB059F47FCE713 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
21:55:01.0671 3728 SbieSvc - ok
21:55:01.0750 3728 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:55:01.0781 3728 SCardSvr - ok
21:55:01.0921 3728 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:55:01.0984 3728 Schedule - ok
21:55:02.0000 3728 SDDMI2 - ok
21:55:02.0109 3728 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
21:55:02.0125 3728 SeagateDashboardService - ok
21:55:02.0187 3728 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:55:02.0187 3728 Secdrv - ok
21:55:02.0265 3728 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:55:02.0265 3728 seclogon - ok
21:55:02.0484 3728 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
21:55:02.0656 3728 senfilt - ok
21:55:02.0734 3728 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:55:02.0750 3728 SENS - ok
21:55:02.0812 3728 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:55:02.0812 3728 serenum - ok
21:55:02.0890 3728 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:55:02.0921 3728 Serial - ok
21:55:02.0968 3728 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:55:02.0968 3728 Sfloppy - ok
21:55:03.0187 3728 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:55:03.0296 3728 SharedAccess - ok
21:55:03.0375 3728 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:55:03.0375 3728 ShellHWDetection - ok
21:55:03.0390 3728 Simbad - ok
21:55:03.0468 3728 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:55:03.0484 3728 sisagp - ok
21:55:03.0546 3728 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:55:03.0562 3728 SLIP - ok
21:55:03.0718 3728 [ 479533BACC58B1EDF916855BCD139556 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
21:55:03.0796 3728 smwdm - ok
21:55:03.0843 3728 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:55:03.0859 3728 Sparrow - ok
21:55:03.0875 3728 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:55:03.0875 3728 splitter - ok
21:55:03.0953 3728 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:55:03.0984 3728 Spooler - ok
21:55:04.0062 3728 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:55:04.0093 3728 sr - ok
21:55:04.0203 3728 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:55:04.0265 3728 srservice - ok
21:55:04.0453 3728 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:55:04.0609 3728 Srv - ok
21:55:04.0671 3728 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:55:04.0671 3728 sscdbhk5 - ok
21:55:04.0765 3728 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:55:04.0781 3728 SSDPSRV - ok
21:55:04.0828 3728 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
21:55:04.0828 3728 ssrtln - ok
21:55:05.0015 3728 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:55:05.0140 3728 stisvc - ok
21:55:05.0203 3728 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:55:05.0203 3728 streamip - ok
21:55:05.0265 3728 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:55:05.0265 3728 swenum - ok
21:55:05.0343 3728 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:55:05.0359 3728 swmidi - ok
21:55:05.0375 3728 SwPrv - ok
21:55:05.0453 3728 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:55:05.0468 3728 symc810 - ok
21:55:05.0562 3728 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:55:05.0593 3728 symc8xx - ok
21:55:05.0609 3728 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:55:05.0625 3728 sym_hi - ok
21:55:05.0640 3728 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:55:05.0656 3728 sym_u3 - ok
21:55:05.0750 3728 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:55:05.0781 3728 sysaudio - ok
21:55:05.0859 3728 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:55:14.0265 3728 Scan finished
21:55:14.0265 3728 ============================================================
21:55:14.0281 2220 Detected object count: 0
21:55:14.0281 2220 Actual detected object count: 0
21:57:46.0468 4016 Deinitialize success

and avast:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 07:30:42
-----------------------------
07:30:42.656 OS Version: Windows 5.1.2600 Service Pack 3
07:30:42.656 Number of processors: 1 586 0x401
07:30:42.656 ComputerName: NO1 UserName:
07:30:54.718 Initialize success
07:32:10.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:32:10.671 Disk 0 Vendor: WDC_WD800BB-75FJA1 14.03G14 Size: 76293MB BusType: 3
07:32:10.687 Disk 0 MBR read successfully
07:32:10.687 Disk 0 MBR scan
07:32:10.687 Disk 0 unknown MBR code
07:32:10.703 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
07:32:10.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73280 MB offset 64260
07:32:10.765 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 2972 MB offset 150143490
07:32:10.781 Disk 0 scanning sectors +156232125
07:32:11.140 Disk 0 scanning C:\WINDOWS\system32\drivers
07:33:16.078 Service scanning
07:34:15.296 Modules scanning
07:35:44.046 Disk 0 trace - called modules:
07:35:44.078 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
07:35:44.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833da148]
07:35:44.078 3 CLASSPNP.SYS[f86f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8337eb00]
07:35:44.078 Scan finished successfully
07:35:59.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dashel R\My Documents\Downloads\MBR.dat"
07:35:59.437 The log file has been saved successfully to "C:\Documents and Settings\Dashel R\My Documents\Downloads\aswMBR.txt"

#12 nasdaq

Posted 18 September 2012 - 12:59 PM

Your logs are clean.

Having started a new topic under a new name leaves the other thread open.
I cannot see what tools were suggested and run.

Can you give me the URL of the other topic?

#13 Guest_dell xp oops 2_*

Posted 18 September 2012 - 05:12 PM

Sure, here you are: dell xp sp3 aol cannot find internet

#14 nasdaq

Posted 19 September 2012 - 10:01 AM

Please let me know of any issues with this computer.

#15 nasdaq

Posted 25 September 2012 - 09:32 AM

Are you still with me?
