
stolen.data


gumdrop


Somehow win32/help.txt hit our computer this week. Malwarebytes found it and it's now in quarantine.

I ran Malwarebytes, Spybot and Avira anti-virus today with no detections of anything. However, I understand that the .txt message can be controlling a trojan and I am therefore unsure if I have a problem or not.

I tried to run ddr.scr after checking that IE has both script debugging items checked as disabled in Internet options. A notice appears telling me that 2 logs will be placed on my desktop and a bunch of ZoneAlarm warnings come up, which I allow. However, nothing happens and the Dell GX270 PC is frozen. I have tried repeating the operation again with no luck. Internet connection was off and Avira disabled. Help!


Hello gumdrop and welcome to MalwareBytes forums.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

Otherwise, I'll need to see from you some basic reports in order to get much further.

What is the version of ZoneAlarm that you have?

What is the version of Windows on this system? XP, Vista, Windows 7, or 8?

You may need to disable Avira temporarily to get some basic reports.

You may also need to disable ZoneAlarm as well .... if you do, then turn ON the Windows firewall.

See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Do NOT attach any logs. Always Copy & Paste all contents into main-body of reply.


Thanks for the response.

I am running XP Professional 2002 SP3

Zone Alarm Pro 11.0.000.018

info.txt logfile of random's system information tool 1.09 2012-12-15 13:15:58

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin

Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Agent Ransack Version 1.7.3-->"C:\Program Files\Mythicsoft\Agent Ransack\unins000.exe"

Agfa ScanWise 2.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"

Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}

Avira Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Canon PIXMA iP4000-->C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Corel Uninstaller-->C:\WINDOWS\Corel\uninst32.exe

EASEUS Partition Master 5.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 5.0.1 Home Edition\unins000.exe"

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

GNU Privacy Guard-->"C:\Program Files\GNU\GnuPG\uninst-gnupg.exe"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Intel® PRO Network Adapters and Drivers-->Prounstl.exe

Java 6 Update 37-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216033FF}

Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft Works 4.5-->C:\Program Files\MSWorks\Setup45\setup.exe

Microsoft Works Setup Launcher-->C:\Program Files\Microsoft Works 4.5\Setup\Launcher.exe D:\

Mozilla Firefox 15.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird 17.0 (x86 en-US)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe

Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}

PowerDVD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"

Registry Mechanic 10.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2722913)-->"C:\WINDOWS\ie8updates\KB2722913-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2705219)-->"C:\WINDOWS\$NtUninstallKB2705219$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2718523)-->"C:\WINDOWS\$NtUninstallKB2718523$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2723135)-->"C:\WINDOWS\$NtUninstallKB2723135$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2731847)-->"C:\WINDOWS\$NtUninstallKB2731847$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2753842)-->"C:\WINDOWS\$NtUninstallKB2753842$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe

SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"

TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676-v2)-->"C:\WINDOWS\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"

Update for Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe"

Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

VLC media player 2.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

ZoneAlarm Firewall-->MsiExec.exe /I{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}

ZoneAlarm Pro-->"C:\Program Files\CheckPoint\Install\Install.exe" /s uninstall

ZoneAlarm Security-->MsiExec.exe /I{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: Avira Desktop (disabled)

FW: ZoneAlarm Pro Firewall (disabled)

======System event log======

Computer Name: DELL

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 0019B92F743A. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 52830

Source Name: Dhcp

Time Written: 20120919064622.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 52826

Source Name: Tcpip

Time Written: 20120918151512.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Lbd

SBRE

Record Number: 52814

Source Name: Service Control Manager

Time Written: 20120918114919.000000+060

Event Type: error

User:

Computer Name: DELL

Event Code: 1002

Message: The IP address lease 192.168.1.2 for the Network Card with network address 0019B92F743A has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 52808

Source Name: Dhcp

Time Written: 20120918114815.000000+060

Event Type: error

User:

Computer Name: DELL

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Lbd

SBRE

Record Number: 52793

Source Name: Service Control Manager

Time Written: 20120918061952.000000+060

Event Type: error

User:

=====Application event log=====

Computer Name: DELL

Event Code: 0

Message:

Record Number: 5036

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20120407074350.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 0

Message:

Record Number: 5034

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20120407074347.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 0

Message:

Record Number: 5033

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20120407074347.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 0

Message:

Record Number: 5032

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20120407074346.000000+060

Event Type: warning

User:

Computer Name: DELL

Event Code: 0

Message:

Record Number: 5031

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20120407074346.000000+060

Event Type: warning

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"tvdebugcategories"=Off

"tvdumpflags"=8

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2012-12-15 13:44:47

Microsoft Windows XP Professional Service Pack 3

System drive C: has 9 GB (48%) free of 18 GB

Total RAM: 2039 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:44:58, on 15/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrator\Desktop\RSIT.exe

C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ZoneAlarm Security Suite - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341986214343

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--

End of file - 7324 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SyncBack BACKUP OF DATA.job

C:\WINDOWS\tasks\SyncBack daily.job

C:\WINDOWS\tasks\wavepadShakeIcon.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1

prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {3ce45c4f-bfff-4988-9a3c-a75c1f491319}:3.5.1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.5.502.135 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]

"Description"=ZoneAlarm LTD Toolbar Api

"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]

"Description"=

"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102]

"Description"=getPlus+®

"Path"=C:\Program Files\NOS\bin\np_gp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]

"Description"=Google Update

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\

nppdf32.dll

np_gp.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\

{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]

ZoneAlarm Security Suite Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]

ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-02 603816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-10-25 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{3ce45c4f-bfff-4988-9a3c-a75c1f491319} -

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-02 603816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-01 348664]

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-05-25 155648]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-05-25 126976]

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]

"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]

"ISW"= []

"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2012-11-07 73392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

AutorunsDisabled

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2006-05-25 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave1"=serwvdrv.dll

======File associations======

.reg - edit -

.reg - open -

======List of files/folders created in the last 1 month======

2012-12-15 13:15:37 ----D---- C:\Program Files\trend micro

2012-12-15 13:15:36 ----D---- C:\rsit

2012-12-12 06:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$

2012-12-12 06:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$

2012-12-12 06:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$

2012-12-12 06:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$

2012-12-12 06:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$

2012-12-09 19:01:05 ----D---- C:\Program Files\Mozilla Thunderbird

2012-11-21 19:33:18 ----D---- C:\Program Files\Common Files\Java

2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\javaws.exe

2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\javaw.exe

2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\java.exe

2012-11-16 09:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$

2012-11-16 09:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$

======List of files/folders modified in the last 1 month======

2012-12-15 13:44:58 ----D---- C:\WINDOWS\Prefetch

2012-12-15 13:44:24 ----D---- C:\WINDOWS\Temp

2012-12-15 13:15:37 ----RD---- C:\Program Files

2012-12-15 08:59:49 ----SHD---- C:\System Volume Information

2012-12-15 08:56:52 ----D---- C:\WINDOWS\system32\NtmsData

2012-12-15 08:18:13 ----D---- C:\WINDOWS\Registration

2012-12-15 08:17:46 ----D---- C:\WINDOWS\system32\drivers

2012-12-15 08:11:24 ----D---- C:\WINDOWS\system32\CatRoot2

2012-12-15 08:10:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-12-15 06:55:27 ----SD---- C:\WINDOWS\Tasks

2012-12-15 06:54:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-12-15 06:44:51 ----D---- C:\WINDOWS

2012-12-14 18:28:59 ----D---- C:\Program Files\Mozilla Firefox

2012-12-13 09:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2012-12-12 17:38:23 ----D---- C:\WINDOWS\system32

2012-12-12 08:09:23 ----D---- C:\WINDOWS\Debug

2012-12-12 06:59:30 ----D---- C:\WINDOWS\inf

2012-12-12 06:59:24 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-12-12 06:56:01 ----D---- C:\Program Files\Internet Explorer

2012-12-12 06:51:54 ----A---- C:\WINDOWS\system32\MRT.exe

2012-12-12 06:50:58 ----D---- C:\WINDOWS\ie8updates

2012-12-12 06:50:43 ----HD---- C:\WINDOWS\$hf_mig$

2012-12-10 17:49:20 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc

2012-12-10 17:49:18 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss

2012-12-10 11:37:53 ----D---- C:\WINDOWS\system32\FxsTmp

2012-12-07 20:42:24 ----D---- C:\Program Files\Winamp

2012-12-07 17:17:47 ----A---- C:\WINDOWS\winamp.ini

2012-11-28 19:45:48 ----D---- C:\Program Files\CCleaner

2012-11-23 09:48:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2012-11-23 09:44:41 ----SHD---- C:\WINDOWS\Installer

2012-11-23 09:44:41 ----D---- C:\WINDOWS\WinSxS

2012-11-23 09:44:33 ----D---- C:\Program Files\Common Files\Microsoft Shared

2012-11-21 19:33:18 ----D---- C:\Program Files\Common Files

2012-11-21 19:31:58 ----D---- C:\Program Files\Java

2012-11-21 18:25:43 ----SH---- C:\boot.ini

2012-11-21 18:25:43 ----A---- C:\WINDOWS\win.ini

2012-11-21 18:25:43 ----A---- C:\WINDOWS\system.ini

2012-11-18 15:14:54 ----D---- C:\Program Files\CheckPoint

2012-11-18 15:13:18 ----D---- C:\Documents and Settings\All Users\Application Data\CheckPoint

2012-11-17 09:25:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2012-11-16 16:26:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-11-16 08:59:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-01-27 114048]

R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-01-27 392320]

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-08 137928]

R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-09-20 29696]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-09-20 28672]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-03-09 223440]

R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2012-11-07 527408]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []

R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-01-27 32768]

R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-05-25 807804]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-09-20 101760]

S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []

S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []

S3 ham50;Intel V92 HaM Data Fax Voice; C:\WINDOWS\system32\DRIVERS\IntelH51.sys [2002-06-21 469935]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 W8335XP;802.11g/b Driver for Windows XP ; C:\WINDOWS\system32\DRIVERS\Mrvw125.sys [2007-06-19 282624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]

R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-09-20 877056]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 497320]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-24 153584]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2012-11-07 2447440]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


These steps are for member gumdrop only. If you are a casual viewer, do NOT try this on your system!

If you are not gumdrop and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

You must keep Spybot's Tea Timer disabled ( OFF ) for the entire duration of this case until after I give the all clear, otherwise it will interfere (revert) with all fixes we make.

If you are not very familiar with it, keep it off on a permanent basis in future.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 4

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 5

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Link to post
Share on other sites

Thanks again.......I ran tdsskiller.exe and it gave the following results

294 objects

found 0 threats

neutralized 0 threats

quarantined 0 objects

I was able to highlight the report but unable to copy with either mouse or keyboard

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 12/16/2012 08:16:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7A8639C)

SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7A86356)

SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7A8634C)

SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7A8635B)

SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7A86365)

SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7A8636A)

SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7A863BF)

SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7A86374)

SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7A8636F)

SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7A863AB)

SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7A863B5)

SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7A86360)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7A863CE)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7A863D3)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-08LSA0 +++++

--- User ---

[MBR] 3262568dc9d189ef5bea61906495ad37

[bSP] 49cdaa68ee98ee3c32955765d6f227b6 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18010 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36885240 | Size: 23454 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84919590 | Size: 34859 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12162012_02d0816.txt >>

RKreport[1]_S_12162012_02d0816.txt

08:20:36.0187 2928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:20:36.0500 2928 ============================================================

08:20:36.0500 2928 Current date / time: 2012/12/16 08:20:36.0500

08:20:36.0500 2928 SystemInfo:

08:20:36.0500 2928

08:20:36.0500 2928 OS Version: 5.1.2600 ServicePack: 3.0

08:20:36.0500 2928 Product type: Workstation

08:20:36.0500 2928 ComputerName: DELL

08:20:36.0500 2928 UserName: Administrator

08:20:36.0500 2928 Windows directory: C:\WINDOWS

08:20:36.0500 2928 System windows directory: C:\WINDOWS

08:20:36.0500 2928 Processor architecture: Intel x86

08:20:36.0500 2928 Number of processors: 2

08:20:36.0500 2928 Page size: 0x1000

08:20:36.0500 2928 Boot type: Normal boot

08:20:36.0500 2928 ============================================================

08:20:37.0656 2928 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:20:37.0656 2928 ============================================================

08:20:37.0656 2928 \Device\Harddisk0\DR0:

08:20:37.0656 2928 MBR partitions:

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x232D2B9

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x232D2F8, BlocksNum 0x2DCF22E

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50FC526, BlocksNum 0x4415E5C

08:20:37.0656 2928 ============================================================

08:20:37.0859 2928 E: <-> \Device\Harddisk0\DR0\Partition3

08:20:37.0890 2928 C: <-> \Device\Harddisk0\DR0\Partition1

08:20:37.0921 2928 D: <-> \Device\Harddisk0\DR0\Partition2

08:20:37.0921 2928 ============================================================

08:20:37.0921 2928 Initialize success

08:20:37.0921 2928 ============================================================

08:20:39.0328 2112 ============================================================

08:20:39.0328 2112 Scan started

08:20:39.0328 2112 Mode: Manual;

08:20:39.0328 2112 ============================================================

08:20:40.0125 2112 ================ Scan system memory ========================

08:20:40.0125 2112 System memory - ok

08:20:40.0125 2112 ================ Scan services =============================


08:20:46.0015 2112 ssmdrv - ok

08:20:46.0062 2112 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

08:20:46.0062 2112 stisvc - ok

08:20:46.0093 2112 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

08:20:46.0093 2112 swenum - ok

08:20:46.0109 2112 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

08:20:46.0109 2112 swmidi - ok

08:20:46.0125 2112 SwPrv - ok

08:20:46.0140 2112 symc810 - ok

08:20:46.0140 2112 symc8xx - ok

08:20:46.0156 2112 sym_hi - ok

08:20:46.0156 2112 sym_u3 - ok

08:20:46.0171 2112 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

08:20:46.0187 2112 sysaudio - ok

08:20:46.0203 2112 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

08:20:46.0203 2112 SysmonLog - ok

08:20:46.0234 2112 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

08:20:46.0234 2112 TapiSrv - ok

08:20:46.0265 2112 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:20:46.0265 2112 Tcpip - ok

08:20:46.0296 2112 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

08:20:46.0296 2112 TDPIPE - ok

08:20:46.0312 2112 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

08:20:46.0312 2112 TDTCP - ok

08:20:46.0343 2112 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

08:20:46.0343 2112 TermDD - ok

08:20:46.0359 2112 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

08:20:46.0375 2112 TermService - ok

08:20:46.0390 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

08:20:46.0390 2112 Themes - ok

08:20:46.0421 2112 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

08:20:46.0421 2112 tifsfilter - ok

08:20:46.0437 2112 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys

08:20:46.0453 2112 timounter - ok

08:20:46.0484 2112 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

08:20:46.0484 2112 TlntSvr - ok

08:20:46.0484 2112 TosIde - ok

08:20:46.0500 2112 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

08:20:46.0500 2112 TrkWks - ok

08:20:46.0531 2112 [ ACEB4F4F83B895E15C8C1A2F55009783 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys

08:20:46.0531 2112 truecrypt - ok

08:20:46.0546 2112 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys

08:20:46.0562 2112 TrueSight - ok

08:20:46.0593 2112 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

08:20:46.0593 2112 Udfs - ok

08:20:46.0593 2112 ultra - ok

08:20:46.0625 2112 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

08:20:46.0640 2112 Update - ok

08:20:46.0656 2112 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

08:20:46.0671 2112 upnphost - ok

08:20:46.0671 2112 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

08:20:46.0687 2112 UPS - ok

08:20:46.0703 2112 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:20:46.0703 2112 usbccgp - ok

08:20:46.0734 2112 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:20:46.0734 2112 usbehci - ok

08:20:46.0734 2112 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:20:46.0734 2112 usbhub - ok

08:20:46.0765 2112 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:20:46.0765 2112 usbscan - ok

08:20:46.0781 2112 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:20:46.0781 2112 USBSTOR - ok

08:20:46.0796 2112 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:20:46.0796 2112 usbuhci - ok

08:20:46.0812 2112 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

08:20:46.0812 2112 VgaSave - ok

08:20:46.0828 2112 ViaIde - ok

08:20:46.0828 2112 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

08:20:46.0828 2112 VolSnap - ok

08:20:46.0875 2112 [ E0743BBE28AD2C310698148C75333729 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys

08:20:46.0890 2112 Vsdatant - ok

08:20:46.0906 2112 vsmon - ok

08:20:46.0937 2112 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

08:20:46.0937 2112 VSS - ok

08:20:46.0984 2112 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

08:20:46.0984 2112 W32Time - ok

08:20:47.0031 2112 [ F0BDC2B474E26117EE77BFDBA051FB3C ] W8335XP C:\WINDOWS\system32\DRIVERS\Mrvw125.sys

08:20:47.0031 2112 W8335XP - ok

08:20:47.0046 2112 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:20:47.0046 2112 Wanarp - ok

08:20:47.0062 2112 WDICA - ok

08:20:47.0078 2112 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

08:20:47.0078 2112 wdmaud - ok

08:20:47.0109 2112 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

08:20:47.0109 2112 WebClient - ok

08:20:47.0171 2112 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

08:20:47.0171 2112 winmgmt - ok

08:20:47.0218 2112 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll

08:20:47.0218 2112 WmdmPmSN - ok

08:20:47.0265 2112 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

08:20:47.0265 2112 Wmi - ok

08:20:47.0281 2112 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:20:47.0281 2112 WmiApSrv - ok

08:20:47.0328 2112 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

08:20:47.0328 2112 wscsvc - ok

08:20:47.0375 2112 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

08:20:47.0375 2112 wuauserv - ok

08:20:47.0406 2112 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

08:20:47.0421 2112 WZCSVC - ok

08:20:47.0453 2112 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

08:20:47.0453 2112 xmlprov - ok

08:20:47.0468 2112 ================ Scan global ===============================

08:20:47.0500 2112 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:20:47.0546 2112 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

08:20:47.0562 2112 [Global] - ok

08:20:47.0562 2112 ================ Scan MBR ==================================

08:20:47.0593 2112 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

08:20:47.0734 2112 \Device\Harddisk0\DR0 - ok

08:20:47.0734 2112 ================ Scan VBR ==================================

08:20:47.0750 2112 [ 0400AE14AB0914DB997F5CDE2A347C0E ] \Device\Harddisk0\DR0\Partition1

08:20:47.0750 2112 \Device\Harddisk0\DR0\Partition1 - ok

08:20:47.0765 2112 [ 377E80364CDE6122C2B890ABB0DDFCBC ] \Device\Harddisk0\DR0\Partition2

08:20:47.0765 2112 \Device\Harddisk0\DR0\Partition2 - ok

08:20:47.0796 2112 [ 6F620A36A6DCDDB5AF4390CDA7EF4011 ] \Device\Harddisk0\DR0\Partition3

08:20:47.0796 2112 \Device\Harddisk0\DR0\Partition3 - ok

08:20:47.0796 2112 ============================================================

08:20:47.0796 2112 Scan finished

08:20:47.0796 2112 ============================================================

08:20:47.0812 1612 Detected object count: 0

08:20:47.0812 1612 Actual detected object count: 0

08:20:36.0187 2928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:20:36.0500 2928 ============================================================

08:20:36.0500 2928 Current date / time: 2012/12/16 08:20:36.0500

08:20:36.0500 2928 SystemInfo:

08:20:36.0500 2928

08:20:36.0500 2928 OS Version: 5.1.2600 ServicePack: 3.0

08:20:36.0500 2928 Product type: Workstation

08:20:36.0500 2928 ComputerName: DELL

08:20:36.0500 2928 UserName: Administrator

08:20:36.0500 2928 Windows directory: C:\WINDOWS

08:20:36.0500 2928 System windows directory: C:\WINDOWS

08:20:36.0500 2928 Processor architecture: Intel x86

08:20:36.0500 2928 Number of processors: 2

08:20:36.0500 2928 Page size: 0x1000

08:20:36.0500 2928 Boot type: Normal boot

08:20:36.0500 2928 ============================================================

08:20:37.0656 2928 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:20:37.0656 2928 ============================================================

08:20:37.0656 2928 \Device\Harddisk0\DR0:

08:20:37.0656 2928 MBR partitions:

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x232D2B9

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x232D2F8, BlocksNum 0x2DCF22E

08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50FC526, BlocksNum 0x4415E5C

08:20:37.0656 2928 ============================================================

08:20:37.0859 2928 E: <-> \Device\Harddisk0\DR0\Partition3

08:20:37.0890 2928 C: <-> \Device\Harddisk0\DR0\Partition1

08:20:37.0921 2928 D: <-> \Device\Harddisk0\DR0\Partition2

08:20:37.0921 2928 ============================================================

08:20:37.0921 2928 Initialize success

08:20:37.0921 2928 ============================================================

08:20:39.0328 2112 ============================================================

08:20:39.0328 2112 Scan started

08:20:39.0328 2112 Mode: Manual;

08:20:39.0328 2112 ============================================================

08:20:40.0125 2112 ================ Scan system memory ========================

08:20:40.0125 2112 System memory - ok


08:20:45.0062 2112 Rasl2tp - ok

08:20:45.0109 2112 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

08:20:45.0109 2112 RasMan - ok

08:20:45.0125 2112 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:20:45.0125 2112 RasPppoe - ok

08:20:45.0140 2112 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

08:20:45.0140 2112 Raspti - ok

08:20:45.0156 2112 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:20:45.0156 2112 Rdbss - ok

08:20:45.0156 2112 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:20:45.0171 2112 RDPCDD - ok

08:20:45.0187 2112 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:20:45.0187 2112 rdpdr - ok

08:20:45.0218 2112 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

08:20:45.0218 2112 RDPWD - ok

08:20:45.0234 2112 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

08:20:45.0250 2112 RDSessMgr - ok

08:20:45.0265 2112 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

08:20:45.0265 2112 redbook - ok

08:20:45.0296 2112 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

08:20:45.0296 2112 RemoteAccess - ok

08:20:45.0312 2112 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

08:20:45.0312 2112 RemoteRegistry - ok

08:20:45.0328 2112 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

08:20:45.0328 2112 RpcLocator - ok

08:20:45.0359 2112 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

08:20:45.0359 2112 RpcSs - ok

08:20:45.0375 2112 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

08:20:45.0375 2112 RSVP - ok

08:20:45.0390 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

08:20:45.0406 2112 SamSs - ok

08:20:45.0406 2112 SBRE - ok

08:20:45.0421 2112 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

08:20:45.0421 2112 SCardSvr - ok

08:20:45.0453 2112 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

08:20:45.0453 2112 Schedule - ok

08:20:45.0484 2112 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:20:45.0484 2112 Secdrv - ok

08:20:45.0500 2112 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

08:20:45.0500 2112 seclogon - ok

08:20:45.0546 2112 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys

08:20:45.0562 2112 senfilt - ok

08:20:45.0578 2112 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

08:20:45.0578 2112 SENS - ok

08:20:45.0593 2112 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

08:20:45.0593 2112 serenum - ok

08:20:45.0609 2112 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

08:20:45.0609 2112 Serial - ok

08:20:45.0640 2112 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

08:20:45.0640 2112 Sfloppy - ok

08:20:45.0671 2112 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

08:20:45.0687 2112 SharedAccess - ok

08:20:45.0703 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

08:20:45.0703 2112 ShellHWDetection - ok

08:20:45.0718 2112 Simbad - ok

08:20:45.0750 2112 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

08:20:45.0765 2112 smwdm - ok

08:20:45.0796 2112 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys

08:20:45.0796 2112 snapman - ok

08:20:45.0812 2112 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

08:20:45.0812 2112 SONYPVU1 - ok

08:20:45.0828 2112 Sparrow - ok

08:20:45.0843 2112 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

08:20:45.0843 2112 splitter - ok

08:20:45.0875 2112 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

08:20:45.0875 2112 Spooler - ok

08:20:45.0890 2112 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

08:20:45.0906 2112 sr - ok

08:20:45.0921 2112 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

08:20:45.0921 2112 srservice - ok

08:20:45.0968 2112 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

08:20:45.0968 2112 Srv - ok

08:20:45.0984 2112 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

08:20:45.0984 2112 SSDPSRV - ok

08:20:46.0015 2112 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

08:20:46.0015 2112 ssmdrv - ok

08:20:46.0062 2112 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

08:20:46.0062 2112 stisvc - ok

08:20:46.0093 2112 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

08:20:46.0093 2112 swenum - ok

08:20:46.0109 2112 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

08:20:46.0109 2112 swmidi - ok

08:20:46.0125 2112 SwPrv - ok

08:20:46.0140 2112 symc810 - ok

08:20:46.0140 2112 symc8xx - ok

08:20:46.0156 2112 sym_hi - ok

08:20:46.0156 2112 sym_u3 - ok

08:20:46.0171 2112 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

08:20:46.0187 2112 sysaudio - ok

08:20:46.0203 2112 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

08:20:46.0203 2112 SysmonLog - ok

08:20:46.0234 2112 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

08:20:46.0234 2112 TapiSrv - ok

08:20:46.0265 2112 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:20:46.0265 2112 Tcpip - ok

08:20:46.0296 2112 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

08:20:46.0296 2112 TDPIPE - ok

08:20:46.0312 2112 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

08:20:46.0312 2112 TDTCP - ok

08:20:46.0343 2112 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

08:20:46.0343 2112 TermDD - ok

08:20:46.0359 2112 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

08:20:46.0375 2112 TermService - ok

08:20:46.0390 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

08:20:46.0390 2112 Themes - ok

08:20:46.0421 2112 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

08:20:46.0421 2112 tifsfilter - ok

08:20:46.0437 2112 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys

08:20:46.0453 2112 timounter - ok

08:20:46.0484 2112 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

08:20:46.0484 2112 TlntSvr - ok

08:20:46.0484 2112 TosIde - ok

08:20:46.0500 2112 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

08:20:46.0500 2112 TrkWks - ok

08:20:46.0531 2112 [ ACEB4F4F83B895E15C8C1A2F55009783 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys

08:20:46.0531 2112 truecrypt - ok

08:20:46.0546 2112 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys

08:20:46.0562 2112 TrueSight - ok

08:20:46.0593 2112 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

08:20:46.0593 2112 Udfs - ok

08:20:46.0593 2112 ultra - ok

08:20:46.0625 2112 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

08:20:46.0640 2112 Update - ok

08:20:46.0656 2112 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

08:20:46.0671 2112 upnphost - ok

08:20:46.0671 2112 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

08:20:46.0687 2112 UPS - ok

08:20:46.0703 2112 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:20:46.0703 2112 usbccgp - ok

08:20:46.0734 2112 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:20:46.0734 2112 usbehci - ok

08:20:46.0734 2112 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:20:46.0734 2112 usbhub - ok

08:20:46.0765 2112 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:20:46.0765 2112 usbscan - ok

08:20:46.0781 2112 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:20:46.0781 2112 USBSTOR - ok

08:20:46.0796 2112 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:20:46.0796 2112 usbuhci - ok

08:20:46.0812 2112 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

08:20:46.0812 2112 VgaSave - ok

08:20:46.0828 2112 ViaIde - ok

08:20:46.0828 2112 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

08:20:46.0828 2112 VolSnap - ok

08:20:46.0875 2112 [ E0743BBE28AD2C310698148C75333729 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys

08:20:46.0890 2112 Vsdatant - ok

08:20:46.0906 2112 vsmon - ok

08:20:46.0937 2112 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

08:20:46.0937 2112 VSS - ok

08:20:46.0984 2112 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

08:20:46.0984 2112 W32Time - ok

08:20:47.0031 2112 [ F0BDC2B474E26117EE77BFDBA051FB3C ] W8335XP C:\WINDOWS\system32\DRIVERS\Mrvw125.sys

08:20:47.0031 2112 W8335XP - ok

08:20:47.0046 2112 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:20:47.0046 2112 Wanarp - ok

08:20:47.0062 2112 WDICA - ok

08:20:47.0078 2112 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

08:20:47.0078 2112 wdmaud - ok

08:20:47.0109 2112 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

08:20:47.0109 2112 WebClient - ok

08:20:47.0171 2112 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

08:20:47.0171 2112 winmgmt - ok

08:20:47.0218 2112 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll

08:20:47.0218 2112 WmdmPmSN - ok

08:20:47.0265 2112 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

08:20:47.0265 2112 Wmi - ok

08:20:47.0281 2112 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:20:47.0281 2112 WmiApSrv - ok

08:20:47.0328 2112 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

08:20:47.0328 2112 wscsvc - ok

08:20:47.0375 2112 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

08:20:47.0375 2112 wuauserv - ok

08:20:47.0406 2112 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

08:20:47.0421 2112 WZCSVC - ok

08:20:47.0453 2112 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

08:20:47.0453 2112 xmlprov - ok

08:20:47.0468 2112 ================ Scan global ===============================

08:20:47.0500 2112 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:20:47.0546 2112 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

08:20:47.0562 2112 [Global] - ok

08:20:47.0562 2112 ================ Scan MBR ==================================

08:20:47.0593 2112 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

08:20:47.0734 2112 \Device\Harddisk0\DR0 - ok

08:20:47.0734 2112 ================ Scan VBR ==================================

08:20:47.0750 2112 [ 0400AE14AB0914DB997F5CDE2A347C0E ] \Device\Harddisk0\DR0\Partition1

08:20:47.0750 2112 \Device\Harddisk0\DR0\Partition1 - ok

08:20:47.0765 2112 [ 377E80364CDE6122C2B890ABB0DDFCBC ] \Device\Harddisk0\DR0\Partition2

08:20:47.0765 2112 \Device\Harddisk0\DR0\Partition2 - ok

08:20:47.0796 2112 [ 6F620A36A6DCDDB5AF4390CDA7EF4011 ] \Device\Harddisk0\DR0\Partition3

08:20:47.0796 2112 \Device\Harddisk0\DR0\Partition3 - ok

08:20:47.0796 2112 ============================================================

08:20:47.0796 2112 Scan finished

08:20:47.0796 2112 ============================================================

08:20:47.0812 1612 Detected object count: 0

08:20:47.0812 1612 Actual detected object count: 0

Link to post
Share on other sites

Note: Always wait for my reply and guidance and do not do any fixes on your own.

There is only 1 entry that needs attention in RogueKiller:

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Start RogueKiller .
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to this 1 item only and uncheck the rest: (if found)
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1)
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

NOTE: I need for you to check with ZoneAlarm/Checkpoint as to whether the version of PRO that you have does or does not have antivirus !!

If your ZoneAlarm PRO has an antivirus component, then you will need to uninstall Avira antivirus.

Having more than 1 active-monitor antivirus will lead to deadlocks and conflicts.

Link to post
Share on other sites

Thanks again for your help. Have I been in error in using tea timer ? Was any data actually stolen ?

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Remove -- Date : 12/17/2012 07:06:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7AA4CAC)

SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7AA4C66)

SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7AA4C5C)

SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7AA4C6B)

SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7AA4C75)

SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7AA4C7A)

SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7AA4CCF)

SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7AA4C84)

SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7AA4C7F)

SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7AA4CBB)

SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7AA4CC5)

SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7AA4C70)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7AA4CDE)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7AA4CE3)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-08LSA0 +++++

--- User ---

[MBR] 3262568dc9d189ef5bea61906495ad37

[bSP] 49cdaa68ee98ee3c32955765d6f227b6 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18010 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36885240 | Size: 23454 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84919590 | Size: 34859 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_12172012_02d0706.txt >>

RKreport[1]_S_12162012_02d0816.txt ; RKreport[2]_S_12172012_02d0705.txt ; RKreport[3]_D_12172012_02d0706.txt

Link to post
Share on other sites

Like I noted before, Tea Timer must stay OFF while we do fixing and cleaning....otherwise it will interfere and revert fixes.

Unless you are yourself more familiar with it, I'd suggest you not have it on in the future.

Safer pc-usage practices and safer web-practices by you will help to lessen odds of future infection.

You can use Spybot in the future, as an on-demand tool.

As to what and if anything was stolen, I cannot guesstimate at this point.

For now, do these next. There will be more later, as we are not done.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus application.

Link to post
Share on other sites

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/17/2012 04:57:32 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\igfxtray.exe (PID: 1440) [WD-HEUR]

* C:\WINDOWS\system32\hkcmd.exe (PID: 1500) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.

Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.

Startup Type set to: Disabled

* HidServ [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 14988 HOSTS entries shown.

Please review HOSTS file for further entries.

Program finished at: 12/17/2012 04:58:11 PM

Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)

Link to post
Share on other sites
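
The Rkill log above shows only 20 of 14988 HOSTS entries and asks for the rest to be reviewed. One way to script that review, added here as an example that is not part of the original posts or of Rkill: it separates entries that pin a name to a loopback or unspecified address (the pattern in all 20 lines shown) from entries that send a name to some other address, which are the ones worth reading by hand. The sample file and its hostnames are constructed.

```python
import ipaddress

# Constructed sample, not the poster's file: blocking entries in the style
# the logs show, plus constructed entries a reviewer would want surfaced.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.blocked-example.test
127.0.0.1       blocked-example.test   # trailing comment
0.0.0.0         ads.example.test
::1             localhost
203.0.113.10    update.example.test
198.51.100.7    www.bank-example.test login.bank-example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each mapping line.

    Comments and blank lines are skipped; a UTF-8 byte-order mark left at
    the start of the file by some Windows editors is ignored.
    """
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify every mapping line of a HOSTS file.

    sinkholed: address is loopback or unspecified, so the name is blocked.
    redirects: address is anything else, so the name resolves to a host
               chosen by whoever wrote the line; review these by hand.
    malformed: no hostname, or the first field is not an IP address.
    """
    report = {"total": 0, "sinkholed": 0, "redirects": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        report["total"] += 1
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr, names))
            continue
        if not names:
            report["malformed"].append((line_no, addr, names))
        elif ip.is_loopback or ip.is_unspecified:
            report["sinkholed"] += 1
        else:
            report["redirects"].append((line_no, str(ip), names))
    return report


def format_report(report):
    """Render the audit as short text suitable for pasting into a reply."""
    lines = [
        "%d mapping lines, %d sinkholed" % (report["total"], report["sinkholed"])
    ]
    for line_no, ip, names in report["redirects"]:
        lines.append("line %d: %s -> %s" % (line_no, ", ".join(names), ip))
    for line_no, addr, _names in report["malformed"]:
        lines.append("line %d: malformed entry starting %r" % (line_no, addr))
    return "\n".join(lines)


if __name__ == "__main__":
    # To audit a real file, read C:\WINDOWS\system32\drivers\etc\hosts
    # (the path both logs name) and pass its text to audit_hosts().
    print(format_report(audit_hosts(SAMPLE_HOSTS)))
```
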

Can not get Combofix to work. Downloaded with changed name, firewall and anti-virus disabled, clicked run, tried to make restore point, found recovery not installed, installed, ok.

Then 3 lines of text on a blue background.

Scanning for infected files,

Typically ....10 mins

Badly infected........double

and then the PC freezes and need to power off on tower.

Used Link 1, Link 2 seemed in code

Link to post
Share on other sites

Hi..........I didn't try to restore, combo-fix on its blue dialog box said that was what it was trying to do, to set a new restore point. It has installed recovery because that now shows at each logon. After that it seems to stall, the clock in the bottom right stops working. I left the first scan for 50 mins, I will try tomorrow for longer.

I am getting concerned about the data that might be being removed and would like your advice on immediate precautions. Would changing passwords now work or would the new password be stolen as it's changed?

And would it be appropriate to use a previous Acronis backup from before the infection to get rid of any problem? The problem then is that I would never know what had hit me and what I might have lost.

Your advice please.

Link to post
Share on other sites

I ran 2 scans overnight. The first started as described above and the windows clock stopped 1 min after combo-fix said it was scanning. Left it for 2 hours with no result. PC frozen. At 07.16 this morning I deleted combo-fix and downloaded it again and changed its name before it downloaded. Turned off avira and left ZA running. Again combo tried to make a new restore point and told me it was scanning. I allowed all ZA alerts and the scan continued for 95mins before the monitor shutdown kicked in and froze the PC. Up to that time windows clock was running. I will try again leaving more time before the monitor turns itself off. In the blue combo screen nothing was added after the note saying heavily infected computers took a long time to scan.

Link to post
Share on other sites

As to changing of passwords, ONLY do that for online passwords but using another but clean system.

In other words, if you do change passwords, you must do it using a clean system !.

As to restoration by using Acronis, you may consider that.... IF you have a full system image from a known good backup.

Let me know what you decide.

Please stop trying to run any more Combofix. If needed, we could run other tools.

BTW

Combofix will at the start, try to save a system restore point IF Windows System restore service is available.

And on XP systems, it will attempt to install the XP Recovery Console at the beginning.

Also that last "note" you mentioned is just general information, and not necessarily something specific to your system.

Other notes:

IF this system is a notebook system (or laptop) it is a good practice to have it powered directly to a UPS system or to wall-electric power.

And as to ZoneAlarm, I personally would have disabled ZA & just turned on the Windows firewall service.

ZA adds more complications in these situations.

Link to post
Share on other sites

Thanks for the response. If we can check the problem that would be good as it might indicate any data that has been taken. I have started changing passwords on a separate netbook. I have tried getting combo to run all day, the last time it asked ZA to allow Catchme and then mbr.3XE. The windows clock froze at that time. The cursor is still alive in the blue combo box but nothing is happening. As much as possible I am keeping the infected machine disabled from the internet. Please let me know what we can try next. If all fails I do have a clean Acronis image but it will be a couple of months old.

Link to post
Share on other sites

IF Combofix has been "running" and it has been more than an hour.....try CTRL+ALT+DEL to stop and reboot the system.

Run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.

To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool. The tool will help you create the removable media.

The basic sequence of steps is

a) Download and SAVE the tool to a unique folder/location on your pc

b) Create the CD/DVD/USB-flash drive with tool

c) Set pc to boot from the offline media

d) Place media in & restart system

e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

The frequently asked questions for this tool

http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq

Another How-to article on WDO http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Link to post
Share on other sites

Thanks again but still not a lot of luck. I created media on a usb flash drive and defender was happy with the creation. Set the PC running and a black screen with a blue windows logo came up, the usb flashing away. After 5 mins an error message came up 0x0000005D telling me to hold down the power button as the system needed to re-start. I decided to re-install the tool but instead of re-formatting defender just added 68mb of data and again said it was happy. Again after 5 mins the same error message to restart. I thought of trying it via DVD but that requires yet more software to be used. What would you advise? I will not have time until early tomorrow to try again...Thanks

Link to post
Share on other sites

This topic is now closed to further replies.