Cannot run certain things - XP / Dell Inspiron E1705



#1 Djimbe


Posted 05 November 2012 - 01:27 PM

I'm running a Dell Inspiron E1705, and I was trying to set up an ad hoc in my home, and I started to notice all kinds of little subtle bulltwaddle. Came to a head when I realised that I couldn't even run MBAM, and I tried to install Chrome and it just gives me the "Gong of doom" sound whenever I try to actually RUN Chrome. There have been other more subtle difficulties, but honestly I wasn't keeping score until then. How do I find out IF I have a malware issue or not? And as I'm pretty sure that I do, which it may be and what is to be done about it?

Edit:
Just noticed that I can't open more than one IE window at a time, either.

Edited by Djimbe, 05 November 2012 - 01:38 PM.



#2 InadequateInfirmity


Posted 06 November 2012 - 02:11 PM

Please perform these steps from Safe Mode with Networking.

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with ESET.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list the found threats, save to clipboard, copy to Notepad, and post the log here.




Please download MiniToolBox and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to "Enable rootkit cleaning". Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 Djimbe


Posted 08 November 2012 - 07:43 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: OWNER-91E0115B3 [administrator]

11/7/2012 12:13:49 PM
mbam-log-2012-11-07 (13-32-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354628
Time elapsed: 1 hour(s), 18 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\n.) Good: (wbemess.dll) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\nomatterwhatnick\Local Settings\temp\teamviewer.dll (Trojan.Phex.THAGen2) -> No action taken.
C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\n (Trojan.Dropper.PE4) -> No action taken.
C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)

#4 Djimbe


Posted 08 November 2012 - 07:47 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2012 at 02:23 PM

Application Version : 5.6.1014

Core Rules Database Version : 9546
Trace Rules Database Version: 7358

Scan type : Quick Scan
Total Scan Time : 00:43:45

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 266
Memory threats detected : 0
Registry items scanned : 31839
Registry threats detected : 0
File items scanned : 23995
File threats detected : 123

Adware.Tracking Cookie

Trojan.Agent/Gen-Kazy
C:\DOCUMENTS AND SETTINGS\NOMATTERWHATNICK\LOCAL SETTINGS\TEMP\2F.TMP

#5 Djimbe


Posted 08 November 2012 - 07:49 AM

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M5M5MWOF\imp[3] HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V4Q4I8EV\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\nomatterwhatnick\Application Data\Sun\Java\Deployment\cache\6.0\10\6fd0398a-1383f0a1 a variant of Win32/Kryptik.AHYZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\{aff775f1-2c54-877d-238b-f4f923048ba5}\n a variant of Win32/Kryptik.AHZA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\ff9f66\85.mof.vir Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\nomatterwhatnick\Application Data\647EE1A796995D161CCDC00163855816\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\1A7.tmp.vir a variant of Win32/Kryptik.TXV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar.vir Win32/Adware.OneStep application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\trz16.tmp.vir a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\U\00000001.@ Win32/Conedex.Q trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\U\80000000.@ Win32/Sirefef.FA trojan cleaned by deleting - quarantined

#6 Djimbe


Posted 08 November 2012 - 07:53 AM

MiniToolBox by Farbar Version: 07-11-2012
Ran by Administrator (administrator) on 07-11-2012 at 18:36:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=static addr=192.168.133.1 mask=255.255.255.0
set dns name="Wireless Network Connection 4" source=static addr=192.168.133.1 register=PRIMARY
set wins name="Wireless Network Connection 4" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-91e0115b3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-18-8B-A2-47-53



Ethernet adapter Wireless Network Connection 4:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Dell Wireless 1500 Draft 802.11n WLAN Mini-Card

Physical Address. . . . . . . . . : 00-19-7D-07-BA-01

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b a2 47 53 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 19 7d 07 ba 01 ...... Dell Wireless 1500 Draft 802.11n WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/05/2012 03:06:15 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/05/2012 03:06:15 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/05/2012 04:15:25 AM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2012 04:15:12 AM) (Source: Application Hang) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2012 03:08:07 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (11/05/2012 03:07:51 AM) (Source: MsiInstaller) (User: OWNER-91E0115B3)
Description: Product: Evernote v. 4.5.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2884. The arguments are: ExitDialog, ,

Error: (11/05/2012 03:07:51 AM) (Source: MsiInstaller) (User: OWNER-91E0115B3)
Description: Product: Evernote v. 4.5.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2884. The arguments are: ErrorDlg, ,

Error: (11/05/2012 02:44:52 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application connectifyd.exe, version 1.0.0.0, stamp 5089860b, faulting module connectifynat.dll, version 0.0.0.0, stamp 508985c0, debug? 0, fault address 0x00018a2d.

Error: (11/04/2012 10:35:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 171889469

Error: (11/04/2012 10:35:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 171889469


System errors:
=============
Error: (11/07/2012 06:34:13 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 06:34:12 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:48:34 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:40:41 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:40:23 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:40:22 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:40:17 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/07/2012 03:11:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/07/2012 03:11:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (11/07/2012 03:11:14 PM) (Source: DCOM) (User: OWNER-91E0115B3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (11/05/2012 03:06:15 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/05/2012 03:06:15 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/05/2012 04:15:25 AM) (Source: Application Hang)(User: )
Description: mmc.exe5.2.3790.4136hungapp0.0.0.000000000

Error: (11/05/2012 04:15:12 AM) (Source: Application Hang)(User: )
Description: mmc.exe5.2.3790.4136hungapp0.0.0.000000000

Error: (11/05/2012 03:08:07 AM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (11/05/2012 03:07:51 AM) (Source: MsiInstaller)(User: OWNER-91E0115B3)
Description: Product: Evernote v. 4.5.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2884. The arguments are: ExitDialog, , (NULL)(NULL)(NULL)

Error: (11/05/2012 03:07:51 AM) (Source: MsiInstaller)(User: OWNER-91E0115B3)
Description: Product: Evernote v. 4.5.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2884. The arguments are: ErrorDlg, , (NULL)(NULL)(NULL)

Error: (11/05/2012 02:44:52 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: connectifyd.exe1.0.0.05089860bconnectifynat.dll0.0.0.0508985c0000018a2d

Error: (11/04/2012 10:35:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 171889469

Error: (11/04/2012 10:35:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 171889469


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
7-Zip 9.22beta
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader XI (Version: 11.0.00)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations (Version: 2.8.255.292)
Bonjour (Version: 2.0.4.0)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
CCleaner (Version: 3.10)
Cheetah DVD Burner
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Conexant HDA D110 MDC V.92 Modem
Connectify Hotspot (Version: 3.7.0.25374)
dcmsvc 1.0
Dell Wireless WLAN Card (Version: 4.170.25.12)
DriverAgent by eSupport.com
Epson Event Manager (Version: 2.30.00)
Epson FAX Utility (Version: 1.00.000)
Epson PC-FAX Driver
EPSON Printer Software
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
ESET Online Scanner v3
Evernote v. 4.5.10 (Version: 4.5.10.7472)
FrostWire 4.21.5 (Version: 4.21.5.0)
Google Chrome (Version: 23.0.1271.64)
Google Update Helper (Version: 1.3.21.123)
Haali Media Splitter
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ImgBurn (Version: 2.5.6.0)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Java™ 6 Update 17 (Version: 6.0.170)
K-Lite Codec Pack 7.6.7 (Full) (Version: 7.6.7)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Matroska Pack
mCore (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
mDrWiFi (Version: 11.02.0000)
mHlpDell (Version: 11.02.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mIWA (Version: 11.02.0000)
mLogView (Version: 11.02.0000)
mMHouse (Version: 11.02.0000)
MobileMe Control Panel (Version: 3.1.5.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
mPfMgr (Version: 11.02.0000)
mPfWiz (Version: 11.02.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 11.02.0000)
MSN
mSSO (Version: 11.02.0000)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 11.02.0000)
mZConfig (Version: 11.02.0000)
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
Otto
Presto! PageManager 8.15.01 SE (Version: 8.15.01)
QuickTime (Version: 7.69.80.9)
Real Alternative 2.0.2 (Version: 2.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0179)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.33.19.4)
SigmaTel Audio (Version: 5.10.5210.0)
Sound Blaster ADVANCED MB Drivers
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TuneUp Companion 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
Vz In Home Agent (Version: 7.07.02)
WebFldrs XP (Version: 9.50.7523)
WinDjView 1.0.3 (Version: 1.0.3)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (Version: 11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 2038.37 MB
Available physical RAM: 1492.88 MB
Total Pagefile: 3934.87 MB
Available Pagefile: 3673.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.91 MB

========================= Partitions: =====================================

1 Drive c: (Brugger) (Fixed) (Total:149.04 GB) (Free:5.38 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-91E0115B3

Administrator ASPNET Guest
HelpAssistant Katie nomatterwhatnick
SUPPORT_388945a0


**** End of log ****

#7 Djimbe

Posted 08 November 2012 - 07:54 AM

Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Windows running in safe mode.
Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1794, Date: 2012/11/07 08:23:42, Variants: 15286090
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 19:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nosb
Running without NSAK

Scan started: 2012/11/07 19:03:47

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 647
Number of objects scanned: 647
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 55s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\Documents and Settings\Administrator\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\Administrator\NTUSER.DAT.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\Administrator\Local Settings\temp\Perflib_Perfdata_5f8.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\64AQSY7P\iframe3[2].htm: File infected with xml:legacyascii/Iframe.PZ
Delete file: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\64AQSY7P\iframe3[2].htm
Cleaning successful
C:\Documents and Settings\nomatterwhatnick\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe: File infected with winpe/Suspicious_Gen2.SPLFO
Delete file: C:\Documents and Settings\nomatterwhatnick\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe
Cleaning successful
C:\Documents and Settings\nomatterwhatnick\My Documents\cnet_CheetahDVDBurner_exe.exe: File infected with winpe/InstallCore.T
Delete file: C:\Documents and Settings\nomatterwhatnick\My Documents\cnet_CheetahDVDBurner_exe.exe
Cleaning successful
C:\Documents and Settings\nomatterwhatnick\My Documents\cnet_full_video_converter_free_exe.exe: File infected with winpe/InstallCore.T
C:\Documents and Settings\nomatterwhatnick\My Documents\ComboFix.exe: File infected with winpe/Suspicious_Gen2.SPOAY
Delete file: C:\Documents and Settings\nomatterwhatnick\My Documents\cnet_full_video_converter_free_exe.exe
Cleaning successful
Delete file: C:\Documents and Settings\nomatterwhatnick\My Documents\ComboFix.exe
Cleaning successful
C:\Documents and Settings\nomatterwhatnick\My Documents\Downloads\EvID4226Patch223d-en.zip: Archive infected
C:\Documents and Settings\nomatterwhatnick\My Documents\Downloads\EvID4226Patch223d-en.zip/EvID4226Patch.exe: File infected with winpe/EvidPatch.CX
Delete archive object: C:\Documents and Settings\nomatterwhatnick\My Documents\Downloads\EvID4226Patch223d-en.zip\EvID4226Patch.exe
Cleaning successful
C:\Program Files\NewSoft\Presto! PageManager 8 for EP\Convert.exe: File infected with win32/Clicker.BBI
Delete file: C:\Program Files\NewSoft\Presto! PageManager 8 for EP\Convert.exe
Cleaning successful
C:\System Volume Information\_restore{FC191FE7-0C0C-41F5-BC39-8A73B853E015}\RP251\A0193231.exe: File infected with winpe/Suspicious_Gen2.SPLFO
C:\System Volume Information\_restore{FC191FE7-0C0C-41F5-BC39-8A73B853E015}\RP251\A0193232.exe: File infected with win32/Clicker.BBI
Delete file: C:\System Volume Information\_restore{FC191FE7-0C0C-41F5-BC39-8A73B853E015}\RP251\A0193232.exe
Cleaning successful
Delete file: C:\System Volume Information\_restore{FC191FE7-0C0C-41F5-BC39-8A73B853E015}\RP251\A0193231.exe
Cleaning successful
C:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\default.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\software.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\system.LOG: Error opening file for read: 0x00000020

Number of files found: 216313
Number of archives unpacked: 2948
Number of objects found: 472016
Number of objects scanned: 471993
Number of objects not scanned: 23
Number of malicious objects found: 9
Number of malicious objects cleaned: 9
Number of malicious files found: 9
Number of malicious files cleaned: 9
Scanning time: 2h 43m 30s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 216313
Total number of archives unpacked: 2948
Total number of objects found: 472663
Total number of objects scanned: 472640
Total number of objects not scanned: 23
Total number of malicious objects found: 9
Total number of malicious objects cleaned: 9
Total number of malicious files found: 9
Total number of malicious files cleaned: 9
Total number of objects quarantined: 8
Total scanning time: 2h 44m 25s

#8 Djimbe

Posted 08 November 2012 - 08:03 AM

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 07:57:36
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - OWNER-91E0115B3
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Desktop\repair kit\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found : C:\Documents and Settings\nomatterwhatnick\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\OpenCandy
Folder Found : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2284 octets] - [08/11/2012 07:57:36]

########## EOF - C:\AdwCleaner[R1].txt - [2344 octets] ##########

#9 InadequateInfirmity

Posted 08 November 2012 - 07:35 PM

Please re-run Malwarebytes and remove the found threats this time.
Please also re-run adware cleaner and hit the delete button this time.

Post both logs in your next reply please.

#10 Djimbe

Posted 09 November 2012 - 07:02 AM

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 06:51:42
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : nomatterwhatnick - OWNER-91E0115B3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\repair kit\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\nomatterwhatnick\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\nomatterwhatnick\Application Data\Mozilla\Firefox\Profiles\i3falnmk.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c68u01qi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2413 octets] - [08/11/2012 07:57:36]
AdwCleaner[R2].txt - [4321 octets] - [09/11/2012 06:51:16]
AdwCleaner[S1].txt - [4006 octets] - [09/11/2012 06:51:42]

########## EOF - C:\AdwCleaner[S1].txt - [4066 octets] ##########

#11 Djimbe

Posted 09 November 2012 - 01:50 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
nomatterwhatnick :: OWNER-91E0115B3 [administrator]

11/9/2012 7:03:42 AM
mbam-log-2012-11-09 (07-03-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284443
Time elapsed: 34 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\nomatterwhatnick\Local Settings\Application Data\{aff775f1-2c54-877d-238b-f4f923048ba5}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 InadequateInfirmity

Posted 10 November 2012 - 11:12 AM

Download tdss killer.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Right-click it and run as admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

Run the program below as admin, hit the scan button, allow it to finish, then hit the delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the junkware removal tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe

#13 Djimbe

Posted 13 November 2012 - 11:18 AM

Sorry if it seems like I'm not taking this seriously or something, but the recovery from Sandy keeps intermittently knocking out either my power, my internet, or both. I'm really going as fast as I am able and still tend to work, etc.

#14 Djimbe

Posted 13 November 2012 - 11:20 AM

10:37:58.0718 0404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:37:59.0265 0404 ============================================================
10:37:59.0265 0404 Current date / time: 2012/11/13 10:37:59.0265
10:37:59.0265 0404 SystemInfo:
10:37:59.0265 0404
10:37:59.0265 0404 OS Version: 5.1.2600 ServicePack: 3.0
10:37:59.0265 0404 Product type: Workstation
10:37:59.0265 0404 ComputerName: OWNER-91E0115B3
10:37:59.0265 0404 UserName: Administrator
10:37:59.0265 0404 Windows directory: C:\WINDOWS
10:37:59.0265 0404 System windows directory: C:\WINDOWS
10:37:59.0265 0404 Processor architecture: Intel x86
10:37:59.0265 0404 Number of processors: 2
10:37:59.0265 0404 Page size: 0x1000
10:37:59.0265 0404 Boot type: Safe boot with network
10:37:59.0265 0404 ============================================================
10:38:01.0515 0404 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:38:01.0515 0404 ============================================================
10:38:01.0515 0404 \Device\Harddisk0\DR0:
10:38:01.0515 0404 MBR partitions:
10:38:01.0515 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:38:01.0515 0404 ============================================================
10:38:01.0562 0404 C: <-> \Device\Harddisk0\DR0\Partition1
10:38:01.0562 0404 ============================================================
10:38:01.0562 0404 Initialize success
10:38:01.0562 0404 ============================================================
10:38:37.0125 0804 ============================================================
10:38:37.0125 0804 Scan started
10:38:37.0125 0804 Mode: Manual; TDLFS;
10:38:37.0125 0804 ============================================================
10:38:38.0312 0804 ================ Scan system memory ========================
10:38:38.0312 0804 System memory - ok
10:38:38.0343 0804 ================ Scan services =============================
10:38:38.0531 0804 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:38:38.0531 0804 !SASCORE - ok
10:38:38.0859 0804 Abiosdsk - ok
10:38:38.0906 0804 abp480n5 - ok
10:38:39.0125 0804 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:38:39.0125 0804 ACDaemon - ok
10:38:39.0250 0804 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:38:39.0250 0804 ACPI - ok
10:38:39.0343 0804 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:38:39.0343 0804 ACPIEC - ok
10:38:39.0546 0804 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:38:39.0562 0804 AdobeFlashPlayerUpdateSvc - ok
10:38:39.0593 0804 adpu160m - ok
10:38:39.0703 0804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:38:39.0703 0804 aec - ok
10:38:39.0812 0804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:38:39.0828 0804 AFD - ok
10:38:39.0859 0804 Aha154x - ok
10:38:39.0921 0804 aic78u2 - ok
10:38:39.0984 0804 aic78xx - ok
10:38:40.0109 0804 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:38:40.0125 0804 Alerter - ok
10:38:40.0203 0804 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:38:40.0203 0804 ALG - ok
10:38:40.0250 0804 AliIde - ok
10:38:40.0312 0804 amsint - ok
10:38:40.0468 0804 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:38:40.0468 0804 Apple Mobile Device - ok
10:38:40.0562 0804 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:38:40.0578 0804 AppMgmt - ok
10:38:40.0625 0804 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:38:40.0625 0804 Arp1394 - ok
10:38:40.0671 0804 asc - ok
10:38:40.0750 0804 asc3350p - ok
10:38:40.0812 0804 asc3550 - ok
10:38:41.0203 0804 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:38:41.0281 0804 aspnet_state - ok
10:38:41.0328 0804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:38:41.0328 0804 AsyncMac - ok
10:38:41.0421 0804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:38:41.0421 0804 atapi - ok
10:38:41.0484 0804 Atdisk - ok
10:38:41.0578 0804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:38:41.0593 0804 Atmarpc - ok
10:38:41.0703 0804 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:38:41.0718 0804 AudioSrv - ok
10:38:41.0828 0804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:38:41.0828 0804 audstub - ok
10:38:42.0000 0804 [ E9EA635B8432D68F0005B3F6CEBAB837 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:38:42.0062 0804 BCM43XX - ok
10:38:42.0125 0804 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:38:42.0125 0804 bcm4sbxp - ok
10:38:42.0265 0804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:38:42.0265 0804 Beep - ok
10:38:42.0390 0804 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:38:42.0406 0804 Bonjour Service - ok
10:38:42.0484 0804 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
10:38:42.0500 0804 Bridge - ok
10:38:42.0546 0804 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
10:38:42.0546 0804 BridgeMP - ok
10:38:42.0640 0804 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
10:38:42.0656 0804 Browser - ok
10:38:43.0875 0804 catchme - ok
10:38:44.0125 0804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:38:44.0125 0804 cbidf2k - ok
10:38:44.0156 0804 cd20xrnt - ok
10:38:44.0265 0804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:38:44.0281 0804 Cdaudio - ok
10:38:44.0375 0804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:38:44.0390 0804 Cdfs - ok
10:39:11.0500 0804 ================ Scan global ===============================
10:39:11.0562 0804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:39:11.0656 0804 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
10:39:11.0687 0804 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
10:39:11.0765 0804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:39:11.0765 0804 [Global] - ok
10:39:11.0765 0804 ================ Scan MBR ==================================
10:39:11.0812 0804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:39:12.0234 0804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:39:12.0234 0804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:39:12.0234 0804 ================ Scan VBR ==================================
10:39:12.0265 0804 [ 8017E9D571B3BAC0049A451E3432DAA9 ] \Device\Harddisk0\DR0\Partition1
10:39:12.0265 0804 \Device\Harddisk0\DR0\Partition1 - ok
10:39:12.0296 0804 ============================================================
10:39:12.0296 0804 Scan finished
10:39:12.0296 0804 ============================================================
10:39:12.0406 0808 Detected object count: 1
10:39:12.0406 0808 Actual detected object count: 1
10:40:09.0453 0808 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:40:09.0453 0808 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#15 Djimbe

Posted 13 November 2012 - 11:22 AM

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Scan -- Date : 11/13/2012 10:44:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G2 +++++
--- User ---
[MBR] 33a72530173d98e0e55674d9e9c1ccb4
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11132012_02d1044.txt >>
RKreport[1]_S_11132012_02d1044.txt

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Remove -- Date : 11/13/2012 10:45:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{aff775f1-2c54-877d-238b-f4f923048ba5}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G2 +++++
--- User ---
[MBR] 33a72530173d98e0e55674d9e9c1ccb4
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11132012_02d1045.txt >>
RKreport[1]_S_11132012_02d1044.txt ; RKreport[2]_D_11132012_02d1045.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.6 (11.12.2012)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 11/13/2012 at 10:50:27.06
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\bing-zugo.xml





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/13/2012 at 11:01:13.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



