gumdrop, Posted December 13, 2012, ID:622988

Somehow win32/help.txt hit our computer this week. Malwarebytes found it and it's now in quarantine.

I ran Malwarebytes, Spybot and Avira anti-virus today with no detections of anything. However, I understand that the .txt message can be controlling a trojan and I am therefore unsure if I have a problem or not.

I tried to run ddr.scr after checking that IE has both script debugging items checked as disabled in Internet options. A notice appears telling me that 2 logs will be placed on my desktop and a bunch of ZoneAlarm warnings come up which I allow. However, nothing happens and the Dell GX270 PC is frozen. I have tried repeating the operation again with no luck. Internet connection was off and Avira disabled. Help!

Maurice Naggar, Posted December 14, 2012, ID:623248

Hello gumdrop and welcome to MalwareBytes forums.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here. If you are in an organization or a corporate customer, contact Corporate Support for assistance.

Otherwise, I'll need to see from you some basic reports in order to get much further.

What is the version of ZoneAlarm that you have?
What is the version of Windows on this system? XP, Vista, Windows 7, or 8?

You may need to disable Avira temporarily to get some basic reports.
You may also need to disable ZoneAlarm as well ... if you do, then turn ON the Windows firewall.
See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Do NOT attach any logs. Always Copy & Paste all contents into main-body of reply.

gumdrop (Author), Posted December 15, 2012, ID:623546

Thanks for the response.

I am running XP Professional 2002 SP3
Zone Alarm Pro 11.0.000.018

info.txt logfile of random's system information tool 1.09 2012-12-15 13:15:58
warningUser:Computer Name: DELLEvent Code: 0Message:Record Number: 5031Source Name: System.ServiceModel.Install 3.0.0.0Time Written: 20120407074346.000000+060Event Type: warningUser:======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem"windir"=%SystemRoot%"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=15"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel"PROCESSOR_REVISION"=0304"NUMBER_OF_PROCESSORS"=2"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"tvdebugcategories"=Off"tvdumpflags"=8-----------------EOF-----------------Logfile of random's system information tool 1.09 (written by random/random)Run by Administrator at 2012-12-15 13:44:47Microsoft Windows XP Professional Service Pack 3System drive C: has 9 GB (48%) free of 18 GBTotal RAM: 2039 MB (71% free)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 13:44:58, on 15/12/2012Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common 
Files\Acronis\Schedule2\schedhlp.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exeC:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\wscntfy.exeC:\Documents and Settings\Administrator\Desktop\RSIT.exeC:\Program Files\trend micro\Administrator.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R3 - URLSearchHook: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: ZoneAlarm Security Suite - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: ZoneAlarm Security Suite Toolbar - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - (no file)O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dllO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exeO4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: AutorunsDisabledO4 - Global Startup: AutorunsDisabledO8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesaveO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & 
Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341986214343O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exeO24 - Desktop Component AutorunsDisabled: (no name) - (no file)--End of file - 7324 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\SyncBack BACKUP OF DATA.jobC:\WINDOWS\tasks\SyncBack daily.jobC:\WINDOWS\tasks\wavepadShakeIcon.job=========Mozilla firefox=========ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {3ce45c4f-bfff-4988-9a3c-a75c1f491319}:3.5.1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties""{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]"Description"=Adobe® Flash® Player 11.5.502.135 Plugin"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]"Description"=ZoneAlarm LTD Toolbar Api"Path"=C:\Program 
Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]"Description"="Path"=C:\WINDOWS\system32\npdeployJava1.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]"Description"=Oracle® Next Generation Java™ Plug-In"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102]"Description"=getPlus+®"Path"=C:\Program Files\NOS\bin\np_gp.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]"Description"=Google Update"Path"=[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]"Description"=VLC Multimedia Plugin"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]"Description"=Handles PDFs in-place in Firefox"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllC:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}C:\Program Files\Mozilla Firefox\components\binary.manifestbrowsercomps.dllC:\Program Files\Mozilla Firefox\plugins\nppdf32.dllnp_gp.dllC:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlbing.xmleBay.xmlgoogle.xmltwitter.xmlwikipedia.xmlyahoo.xmlC:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]ZoneAlarm Security Suite 
Toolbar[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-25 329712][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-02 603816][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-10-25 79856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{3ce45c4f-bfff-4988-9a3c-a75c1f491319} -{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-02 603816][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-01 348664]"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-05-25 155648]"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-05-25 126976]"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 
[2007-02-16 1945960]"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]"ISW"= []"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2012-11-07 73392][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]C:\Documents and Settings\All Users\Start Menu\Programs\StartupAutorunsDisabledC:\Documents and Settings\Administrator\Start Menu\Programs\StartupAutorunsDisabled[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxsrvc.dll [2006-05-25 348160][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"authentication packages"=msv1_0relog_ap[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware 
Service][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=1[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Drivers32]"midimapper"=midimap.dll"msacm.imaadpcm"=imaadp32.acm"msacm.msadpcm"=msadp32.acm"msacm.msg711"=msg711.acm"msacm.msgsm610"=msgsm32.acm"msacm.trspch"=tssoft32.acm"vidc.cvid"=iccvid.dll"vidc.I420"=msh263.drv"vidc.iv31"=ir32_32.dll"vidc.iv32"=ir32_32.dll"vidc.iv41"=ir41_32.ax"vidc.iyuv"=iyuv_32.dll"vidc.mrle"=msrle32.dll"vidc.msvc"=msvidc32.dll"vidc.uyvy"=msyuv.dll"vidc.yuy2"=msyuv.dll"vidc.yvu9"=tsbyuv.dll"vidc.yvyu"=msyuv.dll"wavemapper"=msacm32.drv"msacm.msg723"=msg723.acm"vidc.M263"=msh263.drv"vidc.M261"=msh261.drv"msacm.msaudio1"=msaud32.acm"msacm.sl_anet"=sl_anet.acm"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax"vidc.iv50"=ir50_32.dll"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm"wave"=wdmaud.drv"midi"=wdmaud.drv"mixer"=wdmaud.drv"wave1"=serwvdrv.dll======File associations======.reg - edit -.reg - open -======List of files/folders created in the last 1 month======2012-12-15 13:15:37 ----D---- C:\Program Files\trend micro2012-12-15 13:15:36 ----D---- C:\rsit2012-12-12 06:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$2012-12-12 06:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$2012-12-12 06:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$2012-12-12 06:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$2012-12-12 06:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$2012-12-09 19:01:05 ----D---- C:\Program Files\Mozilla Thunderbird2012-11-21 19:33:18 ----D---- C:\Program Files\Common Files\Java2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\javaws.exe2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\javaw.exe2012-11-21 19:32:01 ----A---- C:\WINDOWS\system32\java.exe2012-11-16 09:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$2012-11-16 09:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$======List of files/folders modified in the last 1 month======2012-12-15 13:44:58 ----D---- C:\WINDOWS\Prefetch2012-12-15 13:44:24 ----D---- C:\WINDOWS\Temp2012-12-15 13:15:37 ----RD---- C:\Program Files2012-12-15 08:59:49 ----SHD---- 
C:\System Volume Information2012-12-15 08:56:52 ----D---- C:\WINDOWS\system32\NtmsData2012-12-15 08:18:13 ----D---- C:\WINDOWS\Registration2012-12-15 08:17:46 ----D---- C:\WINDOWS\system32\drivers2012-12-15 08:11:24 ----D---- C:\WINDOWS\system32\CatRoot22012-12-15 08:10:49 ----A---- C:\WINDOWS\SchedLgU.Txt2012-12-15 06:55:27 ----SD---- C:\WINDOWS\Tasks2012-12-15 06:54:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe2012-12-15 06:44:51 ----D---- C:\WINDOWS2012-12-14 18:28:59 ----D---- C:\Program Files\Mozilla Firefox2012-12-13 09:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2012-12-12 17:38:23 ----D---- C:\WINDOWS\system322012-12-12 08:09:23 ----D---- C:\WINDOWS\Debug2012-12-12 06:59:30 ----D---- C:\WINDOWS\inf2012-12-12 06:59:24 ----RSHDC---- C:\WINDOWS\system32\dllcache2012-12-12 06:56:01 ----D---- C:\Program Files\Internet Explorer2012-12-12 06:51:54 ----A---- C:\WINDOWS\system32\MRT.exe2012-12-12 06:50:58 ----D---- C:\WINDOWS\ie8updates2012-12-12 06:50:43 ----HD---- C:\WINDOWS\$hf_mig$2012-12-10 17:49:20 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc2012-12-10 17:49:18 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss2012-12-10 11:37:53 ----D---- C:\WINDOWS\system32\FxsTmp2012-12-07 20:42:24 ----D---- C:\Program Files\Winamp2012-12-07 17:17:47 ----A---- C:\WINDOWS\winamp.ini2012-11-28 19:45:48 ----D---- C:\Program Files\CCleaner2012-11-23 09:48:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2012-11-23 09:44:41 ----SHD---- C:\WINDOWS\Installer2012-11-23 09:44:41 ----D---- C:\WINDOWS\WinSxS2012-11-23 09:44:33 ----D---- C:\Program Files\Common Files\Microsoft Shared2012-11-21 19:33:18 ----D---- C:\Program Files\Common Files2012-11-21 19:31:58 ----D---- C:\Program Files\Java2012-11-21 18:25:43 ----SH---- C:\boot.ini2012-11-21 18:25:43 ----A---- C:\WINDOWS\win.ini2012-11-21 18:25:43 ----A---- C:\WINDOWS\system.ini2012-11-18 15:14:54 ----D---- 
C:\Program Files\CheckPoint2012-11-18 15:13:18 ----D---- C:\Documents and Settings\All Users\Application Data\CheckPoint2012-11-17 09:25:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe2012-11-16 16:26:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2012-11-16 08:59:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-01-27 114048]R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-01-27 392320]R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-08 137928]R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-09-20 29696]R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-09-20 28672]R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-03-09 223440]R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2012-11-07 527408]R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-01-27 32768]R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-05-25 807804]R3 senfilt;senfilt; 
C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-09-20 101760]S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []S3 ham50;Intel V92 HaM Data Fax Voice; C:\WINDOWS\system32\DRIVERS\IntelH51.sys [2002-06-21 469935]S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 W8335XP;802.11g/b Driver for Windows XP ; C:\WINDOWS\system32\DRIVERS\Mrvw125.sys [2007-06-19 282624]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)======R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-09-20 877056]R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 497320]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-24 153584]R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]S2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2012-11-07 2447440]S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]-----------------EOF----------------- Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 15, 2012 ID:623553

These steps are for member gumdrop only. If you are a casual viewer, do NOT try this on your system! If you are not gumdrop and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

You must keep Spybot's Tea Timer disabled ( OFF ) for the entire duration of this case until after I give the all clear, otherwise it will interfere (revert) with all fixes we make.
If you are not very familiar with it, keep it off on a permanent basis in future.
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode then select Advanced Mode.
On the left hand side, select Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Now Logoff & Restart your computer fresh.

Step 2
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 3
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next, un-check Hide protected operating system files.

Step 4
Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Click on Scan.
Click on Report and copy/paste the content of the notepad into your next reply.

Step 5
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
gumdrop Posted December 16, 2012 Author ID:623800

Thanks again.......

I ran tdsskiller.exe and it gave the following results
294 objects
found 0 threats
neutralized 0 threats
quarantined 0 objects

I was able to highlight the report but unable to copy with either mouse or keyboard

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/16/2012 08:16:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7A8639C)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7A86356)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7A8634C)
SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7A8635B)
SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7A86365)
SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7A8636A)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7A863BF)
SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7A86374)
SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7A8636F)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7A863AB)
SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7A863B5)
SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7A86360)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7A863CE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7A863D3)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-08LSA0 +++++
--- User ---
[MBR] 3262568dc9d189ef5bea61906495ad37
[bSP] 49cdaa68ee98ee3c32955765d6f227b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18010 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36885240 | Size: 23454 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84919590 | Size: 34859 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12162012_02d0816.txt >>
RKreport[1]_S_12162012_02d0816.txt

08:20:36.0187 2928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:20:36.0500 2928 ============================================================
08:20:36.0500 2928 Current date / time: 2012/12/16 08:20:36.0500
08:20:36.0500 2928 SystemInfo:
08:20:36.0500 2928
08:20:36.0500 2928 OS Version: 5.1.2600 ServicePack: 3.0
08:20:36.0500 2928 Product type: Workstation
08:20:36.0500 2928 ComputerName: DELL
08:20:36.0500 2928 UserName: Administrator
08:20:36.0500 2928 Windows directory: C:\WINDOWS
08:20:36.0500 2928 System windows directory: C:\WINDOWS
08:20:36.0500 2928 Processor architecture: Intel x86
08:20:36.0500 2928 Number of processors: 2
08:20:36.0500 2928 Page size: 0x1000
08:20:36.0500 2928 Boot type: Normal boot
08:20:36.0500 2928 ============================================================
08:20:37.0656 2928 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F,
TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005408:20:37.0656 2928 ============================================================08:20:37.0656 2928 \Device\Harddisk0\DR0:08:20:37.0656 2928 MBR partitions:08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x232D2B908:20:37.0656 2928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x232D2F8, BlocksNum 0x2DCF22E08:20:37.0656 2928 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50FC526, BlocksNum 0x4415E5C08:20:37.0656 2928 ============================================================08:20:37.0859 2928 E: <-> \Device\Harddisk0\DR0\Partition308:20:37.0890 2928 C: <-> \Device\Harddisk0\DR0\Partition108:20:37.0921 2928 D: <-> \Device\Harddisk0\DR0\Partition208:20:37.0921 2928 ============================================================08:20:37.0921 2928 Initialize success08:20:37.0921 2928 ============================================================08:20:39.0328 2112 ============================================================08:20:39.0328 2112 Scan started08:20:39.0328 2112 Mode: Manual;08:20:39.0328 2112 ============================================================08:20:40.0125 2112 ================ Scan system memory ========================08:20:40.0125 2112 System memory - ok08:20:40.0125 2112 ================ Scan services =============================08:20:40.0187 2112 Abiosdsk - ok08:20:40.0187 2112 abp480n5 - ok08:20:40.0218 2112 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys08:20:40.0218 2112 ACPI - ok08:20:40.0250 2112 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys08:20:40.0250 2112 ACPIEC - ok08:20:40.0312 2112 [ 46A5CBB09B8F0C46F8CBE9210E5E3BE2 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe08:20:40.0328 2112 AcrSch2Svc - ok08:20:40.0328 2112 adpu160m - ok08:20:40.0343 2112 [ 8BED39E3C35D6A489438B8141717A557 ] aec 
C:\WINDOWS\system32\drivers\aec.sys08:20:40.0343 2112 aec - ok08:20:40.0390 2112 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys08:20:40.0390 2112 AFD - ok08:20:40.0390 2112 Aha154x - ok08:20:40.0406 2112 aic78u2 - ok08:20:40.0406 2112 aic78xx - ok08:20:40.0453 2112 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll08:20:40.0453 2112 Alerter - ok08:20:40.0468 2112 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe08:20:40.0468 2112 ALG - ok08:20:40.0468 2112 AliIde - ok08:20:40.0484 2112 amsint - ok08:20:40.0531 2112 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe08:20:40.0531 2112 AntiVirSchedulerService - ok08:20:40.0546 2112 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe08:20:40.0546 2112 AntiVirService - ok08:20:40.0578 2112 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll08:20:40.0578 2112 AppMgmt - ok08:20:40.0609 2112 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys08:20:40.0609 2112 Arp1394 - ok08:20:40.0609 2112 asc - ok08:20:40.0625 2112 asc3350p - ok08:20:40.0640 2112 asc3550 - ok08:20:40.0671 2112 [ 20D04091EBA710F6988F710507D85868 ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys08:20:40.0671 2112 Aspi32 - ok08:20:40.0703 2112 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys08:20:40.0703 2112 AsyncMac - ok08:20:40.0718 2112 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys08:20:40.0718 2112 atapi - ok08:20:40.0734 2112 Atdisk - ok08:20:40.0750 2112 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys08:20:40.0750 2112 Atmarpc - ok08:20:40.0765 2112 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll08:20:40.0765 2112 AudioSrv - ok08:20:40.0781 2112 [ 
D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys08:20:40.0781 2112 audstub - ok08:20:40.0796 2112 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys08:20:40.0796 2112 avgntflt - ok08:20:40.0812 2112 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys08:20:40.0812 2112 avipbb - ok08:20:40.0828 2112 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys08:20:40.0828 2112 avkmgr - ok08:20:40.0859 2112 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys08:20:40.0859 2112 Beep - ok08:20:40.0906 2112 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll08:20:40.0906 2112 BITS - ok08:20:40.0937 2112 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll08:20:40.0937 2112 Browser - ok08:20:40.0968 2112 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys08:20:40.0968 2112 cbidf2k - ok08:20:40.0984 2112 cd20xrnt - ok08:20:41.0000 2112 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys08:20:41.0000 2112 Cdaudio - ok08:20:41.0031 2112 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys08:20:41.0031 2112 Cdfs - ok08:20:41.0046 2112 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys08:20:41.0046 2112 Cdrom - ok08:20:41.0062 2112 Changer - ok08:20:41.0093 2112 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe08:20:41.0093 2112 CiSvc - ok08:20:41.0125 2112 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe08:20:41.0125 2112 ClipSrv - ok08:20:41.0125 2112 CmdIde - ok08:20:41.0140 2112 COMSysApp - ok08:20:41.0156 2112 Cpqarray - ok08:20:41.0187 2112 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll08:20:41.0187 2112 CryptSvc - ok08:20:41.0187 2112 dac2w2k - ok08:20:41.0203 2112 dac960nt - 
ok08:20:41.0250 2112 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll08:20:41.0250 2112 DcomLaunch - ok08:20:41.0281 2112 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll08:20:41.0296 2112 Dhcp - ok08:20:41.0312 2112 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys08:20:41.0312 2112 Disk - ok08:20:41.0328 2112 dmadmin - ok08:20:41.0375 2112 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys08:20:41.0375 2112 dmboot - ok08:20:41.0406 2112 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys08:20:41.0406 2112 dmio - ok08:20:41.0421 2112 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys08:20:41.0421 2112 dmload - ok08:20:41.0437 2112 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll08:20:41.0437 2112 dmserver - ok08:20:41.0468 2112 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys08:20:41.0468 2112 DMusic - ok08:20:41.0484 2112 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll08:20:41.0484 2112 Dnscache - ok08:20:41.0531 2112 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll08:20:41.0531 2112 Dot3svc - ok08:20:41.0531 2112 dpti2o - ok08:20:41.0546 2112 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys08:20:41.0546 2112 drmkaud - ok08:20:41.0593 2112 [ A8B3EC8EE13CBE14F067C72110155A1B ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys08:20:41.0593 2112 E1000 - ok08:20:41.0625 2112 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll08:20:41.0625 2112 EapHost - ok08:20:41.0656 2112 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys08:20:41.0656 2112 epmntdrv - ok08:20:41.0687 2112 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll08:20:41.0687 2112 ERSvc - ok08:20:41.0703 2112 
[ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys08:20:41.0703 2112 EuGdiDrv - ok08:20:41.0750 2112 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe08:20:41.0750 2112 Eventlog - ok08:20:41.0781 2112 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll08:20:41.0781 2112 EventSystem - ok08:20:41.0812 2112 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys08:20:41.0812 2112 Fastfat - ok08:20:41.0828 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll08:20:41.0843 2112 FastUserSwitchingCompatibility - ok08:20:41.0859 2112 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe08:20:41.0875 2112 Fax - ok08:20:41.0875 2112 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys08:20:41.0875 2112 Fdc - ok08:20:41.0890 2112 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys08:20:41.0890 2112 Fips - ok08:20:41.0906 2112 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys08:20:41.0906 2112 Flpydisk - ok08:20:41.0937 2112 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys08:20:41.0937 2112 FltMgr - ok08:20:41.0937 2112 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys08:20:41.0937 2112 Fs_Rec - ok08:20:41.0953 2112 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys08:20:41.0953 2112 Ftdisk - ok08:20:42.0000 2112 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll08:20:42.0000 2112 getPlusHelper - ok08:20:42.0031 2112 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys08:20:42.0031 2112 Gpc - ok08:20:42.0078 2112 [ 575976CD9F6A60BE788F8AEBAEF44AE5 ] ham50 C:\WINDOWS\system32\DRIVERS\IntelH51.sys08:20:42.0078 2112 ham50 - ok08:20:42.0140 2112 [ 
4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll08:20:42.0140 2112 helpsvc - ok08:20:42.0171 2112 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys08:20:42.0171 2112 HidUsb - ok08:20:42.0203 2112 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll08:20:42.0203 2112 hkmsvc - ok08:20:42.0218 2112 hpn - ok08:20:42.0250 2112 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys08:20:42.0250 2112 HTTP - ok08:20:42.0281 2112 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll08:20:42.0296 2112 HTTPFilter - ok08:20:42.0296 2112 i2omgmt - ok08:20:42.0312 2112 i2omp - ok08:20:42.0328 2112 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys08:20:42.0328 2112 i8042prt - ok08:20:42.0437 2112 [ 3CA41CDB9C912AED354B0C7ABE4A4654 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys08:20:42.0437 2112 ialm - ok08:20:42.0531 2112 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys08:20:42.0531 2112 Imapi - ok08:20:42.0609 2112 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe08:20:42.0609 2112 ImapiService - ok08:20:42.0671 2112 [ BA316207C794B08F9DF091D69C15732D ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys08:20:42.0703 2112 InCDfs - ok08:20:42.0750 2112 [ 67B66F3E1492BB1D6C4FC85AD70CDC2D ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys08:20:42.0750 2112 InCDPass - ok08:20:42.0781 2112 [ 09DE3DB2C41443049F3B2B7F56F57540 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys08:20:42.0796 2112 InCDrec - ok08:20:42.0812 2112 [ 0755C3F5D7A844E3CF2F1AE770F0F189 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys08:20:42.0828 2112 incdrm - ok08:20:42.0953 2112 [ 45B09DB32DF8D1C8FA26DF54ECB37B8D ] InCDsrv C:\Program Files\Ahead\InCD\InCDsrv.exe08:20:42.0968 2112 InCDsrv - ok08:20:42.0968 2112 ini910u - ok08:20:42.0984 2112 [ B5466A9250342A7AA0CD1FBA13420678 ] 
IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys08:20:42.0984 2112 IntelIde - ok08:20:43.0015 2112 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys08:20:43.0015 2112 intelppm - ok08:20:43.0031 2112 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys08:20:43.0031 2112 Ip6Fw - ok08:20:43.0062 2112 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys08:20:43.0062 2112 IpFilterDriver - ok08:20:43.0078 2112 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys08:20:43.0078 2112 IpInIp - ok08:20:43.0109 2112 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys08:20:43.0109 2112 IpNat - ok08:20:43.0140 2112 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys08:20:43.0140 2112 IPSec - ok08:20:43.0156 2112 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys08:20:43.0156 2112 IRENUM - ok08:20:43.0171 2112 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys08:20:43.0171 2112 isapnp - ok08:20:43.0234 2112 [ 33112D12B95BD1DE18AF409D865DF10C ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys08:20:43.0234 2112 ISWKL - ok08:20:43.0265 2112 [ CFF1CD2C1CC8F5271967AA268982E878 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe08:20:43.0265 2112 IswSvc - ok08:20:43.0312 2112 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe08:20:43.0312 2112 JavaQuickStarterService - ok08:20:43.0328 2112 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys08:20:43.0328 2112 Kbdclass - ok08:20:43.0359 2112 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys08:20:43.0359 2112 kbdhid - ok08:20:43.0375 2112 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys08:20:43.0375 2112 kmixer - 
ok08:20:43.0390 2112 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys08:20:43.0406 2112 KSecDD - ok08:20:43.0421 2112 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll08:20:43.0421 2112 lanmanserver - ok08:20:43.0468 2112 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll08:20:43.0468 2112 lanmanworkstation - ok08:20:43.0468 2112 Lavasoft Kernexplorer - ok08:20:43.0484 2112 Lbd - ok08:20:43.0500 2112 lbrtfdc - ok08:20:43.0531 2112 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll08:20:43.0531 2112 LmHosts - ok08:20:43.0562 2112 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll08:20:43.0562 2112 Messenger - ok08:20:43.0578 2112 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys08:20:43.0578 2112 mnmdd - ok08:20:43.0609 2112 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe08:20:43.0609 2112 mnmsrvc - ok08:20:43.0640 2112 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys08:20:43.0640 2112 Modem - ok08:20:43.0671 2112 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys08:20:43.0671 2112 MODEMCSA - ok08:20:43.0671 2112 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys08:20:43.0671 2112 Mouclass - ok08:20:43.0703 2112 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys08:20:43.0703 2112 mouhid - ok08:20:43.0734 2112 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys08:20:43.0734 2112 MountMgr - ok08:20:43.0734 2112 mraid35x - ok08:20:43.0765 2112 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys08:20:43.0765 2112 MRxDAV - ok08:20:43.0796 2112 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys08:20:43.0796 2112 MRxSmb - 
ok08:20:43.0812 2112 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe08:20:43.0812 2112 MSDTC - ok08:20:43.0828 2112 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys08:20:43.0828 2112 Msfs - ok08:20:43.0843 2112 MSIServer - ok08:20:43.0875 2112 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys08:20:43.0875 2112 MSKSSRV - ok08:20:43.0890 2112 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys08:20:43.0890 2112 MSPCLOCK - ok08:20:43.0906 2112 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys08:20:43.0906 2112 MSPQM - ok08:20:43.0937 2112 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys08:20:43.0937 2112 mssmbios - ok08:20:43.0953 2112 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys08:20:43.0968 2112 Mup - ok08:20:44.0000 2112 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll08:20:44.0031 2112 napagent - ok08:20:44.0046 2112 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys08:20:44.0046 2112 NDIS - ok08:20:44.0062 2112 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys08:20:44.0062 2112 NdisTapi - ok08:20:44.0078 2112 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys08:20:44.0078 2112 Ndisuio - ok08:20:44.0093 2112 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys08:20:44.0093 2112 NdisWan - ok08:20:44.0109 2112 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys08:20:44.0109 2112 NDProxy - ok08:20:44.0125 2112 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys08:20:44.0125 2112 NetBIOS - ok08:20:44.0140 2112 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys08:20:44.0140 2112 NetBT - 
ok08:20:44.0171 2112 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe08:20:44.0171 2112 NetDDE - ok08:20:44.0187 2112 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe08:20:44.0187 2112 NetDDEdsdm - ok08:20:44.0203 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe08:20:44.0203 2112 Netlogon - ok08:20:44.0250 2112 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll08:20:44.0250 2112 Netman - ok08:20:44.0265 2112 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys08:20:44.0265 2112 NIC1394 - ok08:20:44.0312 2112 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll08:20:44.0312 2112 Nla - ok08:20:44.0328 2112 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys08:20:44.0328 2112 nm - ok08:20:44.0359 2112 [ 9865516D33BC66FDDAC9DB4087D4B6AA ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll08:20:44.0359 2112 nosGetPlusHelper - ok08:20:44.0375 2112 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys08:20:44.0375 2112 Npfs - ok08:20:44.0406 2112 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys08:20:44.0437 2112 Ntfs - ok08:20:44.0453 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe08:20:44.0453 2112 NtLmSsp - ok08:20:44.0500 2112 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll08:20:44.0515 2112 NtmsSvc - ok08:20:44.0531 2112 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys08:20:44.0531 2112 Null - ok08:20:44.0562 2112 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys08:20:44.0562 2112 NwlnkFlt - ok08:20:44.0578 2112 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys08:20:44.0578 2112 NwlnkFwd - ok08:20:44.0593 2112 [ CA33832DF41AFB202EE7AEB05145922F ] 
ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys08:20:44.0593 2112 ohci1394 - ok08:20:44.0625 2112 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys08:20:44.0625 2112 Parport - ok08:20:44.0640 2112 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys08:20:44.0640 2112 PartMgr - ok08:20:44.0671 2112 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys08:20:44.0671 2112 ParVdm - ok08:20:44.0687 2112 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys08:20:44.0687 2112 PCI - ok08:20:44.0703 2112 PCIDump - ok08:20:44.0703 2112 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys08:20:44.0703 2112 PCIIde - ok08:20:44.0734 2112 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys08:20:44.0734 2112 Pcmcia - ok08:20:44.0796 2112 [ C98CD9EE0012DF72206BD519DB9780D4 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe08:20:44.0796 2112 PCToolsSSDMonitorSvc - ok08:20:44.0812 2112 PDCOMP - ok08:20:44.0828 2112 PDFRAME - ok08:20:44.0828 2112 PDRELI - ok08:20:44.0843 2112 PDRFRAME - ok08:20:44.0843 2112 perc2 - ok08:20:44.0859 2112 perc2hib - ok08:20:44.0890 2112 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe08:20:44.0890 2112 PlugPlay - ok08:20:44.0906 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe08:20:44.0906 2112 PolicyAgent - ok08:20:44.0937 2112 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys08:20:44.0937 2112 PptpMiniport - ok08:20:44.0937 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe08:20:44.0953 2112 ProtectedStorage - ok08:20:44.0953 2112 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys08:20:44.0953 2112 PSched - ok08:20:44.0968 2112 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] 
Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys08:20:44.0968 2112 Ptilink - ok08:20:44.0984 2112 ql1080 - ok08:20:44.0984 2112 Ql10wnt - ok08:20:45.0000 2112 ql12160 - ok08:20:45.0000 2112 ql1240 - ok08:20:45.0015 2112 ql1280 - ok08:20:45.0031 2112 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys08:20:45.0031 2112 RasAcd - ok08:20:45.0031 2112 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll08:20:45.0031 2112 RasAuto - ok08:20:45.0062 2112 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys08:20:45.0062 2112 Rasl2tp - ok08:20:45.0109 2112 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll08:20:45.0109 2112 RasMan - ok08:20:45.0125 2112 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys08:20:45.0125 2112 RasPppoe - ok08:20:45.0140 2112 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys08:20:45.0140 2112 Raspti - ok08:20:45.0156 2112 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys08:20:45.0156 2112 Rdbss - ok08:20:45.0156 2112 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys08:20:45.0171 2112 RDPCDD - ok08:20:45.0187 2112 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys08:20:45.0187 2112 rdpdr - ok08:20:45.0218 2112 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys08:20:45.0218 2112 RDPWD - ok08:20:45.0234 2112 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe08:20:45.0250 2112 RDSessMgr - ok08:20:45.0265 2112 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys08:20:45.0265 2112 redbook - ok08:20:45.0296 2112 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll08:20:45.0296 2112 RemoteAccess - ok08:20:45.0312 2112 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry 
C:\WINDOWS\system32\regsvc.dll08:20:45.0312 2112 RemoteRegistry - ok08:20:45.0328 2112 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe08:20:45.0328 2112 RpcLocator - ok08:20:45.0359 2112 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll08:20:45.0359 2112 RpcSs - ok08:20:45.0375 2112 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe08:20:45.0375 2112 RSVP - ok08:20:45.0390 2112 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe08:20:45.0406 2112 SamSs - ok08:20:45.0406 2112 SBRE - ok08:20:45.0421 2112 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe08:20:45.0421 2112 SCardSvr - ok08:20:45.0453 2112 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll08:20:45.0453 2112 Schedule - ok08:20:45.0484 2112 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys08:20:45.0484 2112 Secdrv - ok08:20:45.0500 2112 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll08:20:45.0500 2112 seclogon - ok08:20:45.0546 2112 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys08:20:45.0562 2112 senfilt - ok08:20:45.0578 2112 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll08:20:45.0578 2112 SENS - ok08:20:45.0593 2112 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys08:20:45.0593 2112 serenum - ok08:20:45.0609 2112 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys08:20:45.0609 2112 Serial - ok08:20:45.0640 2112 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys08:20:45.0640 2112 Sfloppy - ok08:20:45.0671 2112 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll08:20:45.0687 2112 SharedAccess - ok08:20:45.0703 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection 
C:\WINDOWS\System32\shsvcs.dll08:20:45.0703 2112 ShellHWDetection - ok08:20:45.0718 2112 Simbad - ok08:20:45.0750 2112 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys08:20:45.0765 2112 smwdm - ok08:20:45.0796 2112 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys08:20:45.0796 2112 snapman - ok08:20:45.0812 2112 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS08:20:45.0812 2112 SONYPVU1 - ok08:20:45.0828 2112 Sparrow - ok08:20:45.0843 2112 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys08:20:45.0843 2112 splitter - ok08:20:45.0875 2112 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe08:20:45.0875 2112 Spooler - ok08:20:45.0890 2112 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys08:20:45.0906 2112 sr - ok08:20:45.0921 2112 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll08:20:45.0921 2112 srservice - ok08:20:45.0968 2112 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys08:20:45.0968 2112 Srv - ok08:20:45.0984 2112 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll08:20:45.0984 2112 SSDPSRV - ok08:20:46.0015 2112 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys08:20:46.0015 2112 ssmdrv - ok08:20:46.0062 2112 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll08:20:46.0062 2112 stisvc - ok08:20:46.0093 2112 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys08:20:46.0093 2112 swenum - ok08:20:46.0109 2112 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys08:20:46.0109 2112 swmidi - ok08:20:46.0125 2112 SwPrv - ok08:20:46.0140 2112 symc810 - ok08:20:46.0140 2112 symc8xx - ok08:20:46.0156 2112 sym_hi - ok08:20:46.0156 2112 sym_u3 - ok08:20:46.0171 2112 [ 
8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys08:20:46.0187 2112 sysaudio - ok08:20:46.0203 2112 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe08:20:46.0203 2112 SysmonLog - ok08:20:46.0234 2112 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll08:20:46.0234 2112 TapiSrv - ok08:20:46.0265 2112 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys08:20:46.0265 2112 Tcpip - ok08:20:46.0296 2112 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys08:20:46.0296 2112 TDPIPE - ok08:20:46.0312 2112 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys08:20:46.0312 2112 TDTCP - ok08:20:46.0343 2112 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys08:20:46.0343 2112 TermDD - ok08:20:46.0359 2112 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll08:20:46.0375 2112 TermService - ok08:20:46.0390 2112 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll08:20:46.0390 2112 Themes - ok08:20:46.0421 2112 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys08:20:46.0421 2112 tifsfilter - ok08:20:46.0437 2112 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys08:20:46.0453 2112 timounter - ok08:20:46.0484 2112 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe08:20:46.0484 2112 TlntSvr - ok08:20:46.0484 2112 TosIde - ok08:20:46.0500 2112 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll08:20:46.0500 2112 TrkWks - ok08:20:46.0531 2112 [ ACEB4F4F83B895E15C8C1A2F55009783 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys08:20:46.0531 2112 truecrypt - ok08:20:46.0546 2112 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys08:20:46.0562 2112 TrueSight - ok08:20:46.0593 
2112 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys08:20:46.0593 2112 Udfs - ok08:20:46.0593 2112 ultra - ok08:20:46.0625 2112 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys08:20:46.0640 2112 Update - ok08:20:46.0656 2112 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll08:20:46.0671 2112 upnphost - ok08:20:46.0671 2112 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe08:20:46.0687 2112 UPS - ok08:20:46.0703 2112 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys08:20:46.0703 2112 usbccgp - ok08:20:46.0734 2112 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys08:20:46.0734 2112 usbehci - ok08:20:46.0734 2112 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys08:20:46.0734 2112 usbhub - ok08:20:46.0765 2112 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys08:20:46.0765 2112 usbscan - ok08:20:46.0781 2112 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS08:20:46.0781 2112 USBSTOR - ok08:20:46.0796 2112 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys08:20:46.0796 2112 usbuhci - ok08:20:46.0812 2112 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys08:20:46.0812 2112 VgaSave - ok08:20:46.0828 2112 ViaIde - ok08:20:46.0828 2112 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys08:20:46.0828 2112 VolSnap - ok08:20:46.0875 2112 [ E0743BBE28AD2C310698148C75333729 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys08:20:46.0890 2112 Vsdatant - ok08:20:46.0906 2112 vsmon - ok08:20:46.0937 2112 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe08:20:46.0937 2112 VSS - ok08:20:46.0984 2112 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll08:20:46.0984 2112 
W32Time - ok08:20:47.0031 2112 [ F0BDC2B474E26117EE77BFDBA051FB3C ] W8335XP C:\WINDOWS\system32\DRIVERS\Mrvw125.sys08:20:47.0031 2112 W8335XP - ok08:20:47.0046 2112 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys08:20:47.0046 2112 Wanarp - ok08:20:47.0062 2112 WDICA - ok08:20:47.0078 2112 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys08:20:47.0078 2112 wdmaud - ok08:20:47.0109 2112 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll08:20:47.0109 2112 WebClient - ok08:20:47.0171 2112 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll08:20:47.0171 2112 winmgmt - ok08:20:47.0218 2112 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll08:20:47.0218 2112 WmdmPmSN - ok08:20:47.0265 2112 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll08:20:47.0265 2112 Wmi - ok08:20:47.0281 2112 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe08:20:47.0281 2112 WmiApSrv - ok08:20:47.0328 2112 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll08:20:47.0328 2112 wscsvc - ok08:20:47.0375 2112 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll08:20:47.0375 2112 wuauserv - ok08:20:47.0406 2112 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll08:20:47.0421 2112 WZCSVC - ok08:20:47.0453 2112 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll08:20:47.0453 2112 xmlprov - ok08:20:47.0468 2112 ================ Scan global ===============================08:20:47.0500 2112 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll08:20:47.0531 2112 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll08:20:47.0546 2112 [ 65DF52F5B8B6E9BBD183505225C37315 ] 
C:\WINDOWS\system32\services.exe08:20:47.0562 2112 [Global] - ok08:20:47.0562 2112 ================ Scan MBR ==================================08:20:47.0593 2112 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR008:20:47.0734 2112 \Device\Harddisk0\DR0 - ok08:20:47.0734 2112 ================ Scan VBR ==================================08:20:47.0750 2112 [ 0400AE14AB0914DB997F5CDE2A347C0E ] \Device\Harddisk0\DR0\Partition108:20:47.0750 2112 \Device\Harddisk0\DR0\Partition1 - ok08:20:47.0765 2112 [ 377E80364CDE6122C2B890ABB0DDFCBC ] \Device\Harddisk0\DR0\Partition208:20:47.0765 2112 \Device\Harddisk0\DR0\Partition2 - ok08:20:47.0796 2112 [ 6F620A36A6DCDDB5AF4390CDA7EF4011 ] \Device\Harddisk0\DR0\Partition308:20:47.0796 2112 \Device\Harddisk0\DR0\Partition3 - ok08:20:47.0796 2112 ============================================================08:20:47.0796 2112 Scan finished08:20:47.0796 2112 ============================================================08:20:47.0812 1612 Detected object count: 008:20:47.0812 1612 Actual detected object count: 0 Link to post Share on other sites More sharing options...
gumdrop Posted December 16, 2012 Author ID:623801

Should I delete the items found in Rogue Killer?

gumdrop Posted December 16, 2012 Author ID:623812

I forgot to add that in Resident in spybot SD help was checked. Tea Timer was not when I followed your instructions regarding spybot. Therefore I changed nothing in spybot beyond disabling tea timer.
Maurice Naggar Posted December 16, 2012 ID:623884

Note: Always wait for my reply and guidance and do not do any fixes on your own.

There is only 1 entry that needs attention in RogueKiller:

Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Please disconnect any USB or external drives from the computer before you run this scan!
Start RogueKiller.
Wait until Prescan finishes.
On the RogueKiller console, click the Registry tab.
Put a check next to this 1 item only and uncheck the rest: (if found)
[HJ] HKLM\[...]\SystemRestore : DisableSR (1)
Then click on Delete on the right hand column under Options.
When done, logoff & Restart the system.
The log will be found as RKreport
Copy & Paste the contents into next reply.

NOTE: I need for you to check with ZoneAlarm/Checkpoint as to whether the version of PRO that you have does or does not have antivirus !!
If your ZoneAlarm PRO has an antivirus component, then you will need to uninstall Avira antivirus.
Having more than 1 active-monitor antivirus will lead to deadlocks and conflicts.
gumdrop Posted December 17, 2012 Author ID:624121

Thanks again for your help. Have I been in error in using tea timer? Was any data actually stolen?

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/17/2012 07:06:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7AA4CAC)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7AA4C66)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7AA4C5C)
SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7AA4C6B)
SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7AA4C75)
SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7AA4C7A)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7AA4CCF)
SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7AA4C84)
SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7AA4C7F)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7AA4CBB)
SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7AA4CC5)
SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7AA4C70)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7AA4CDE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7AA4CE3)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-08LSA0 +++++
--- User ---
[MBR] 3262568dc9d189ef5bea61906495ad37
[bSP] 49cdaa68ee98ee3c32955765d6f227b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18010 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36885240 | Size: 23454 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84919590 | Size: 34859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12172012_02d0706.txt >>
RKreport[1]_S_12162012_02d0816.txt ; RKreport[2]_S_12172012_02d0705.txt ; RKreport[3]_D_12172012_02d0706.txt
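One way to check the RKreport posted above mechanically, as an added example that is not part of the thread or of RogueKiller: it confirms that the DisableSR entry was reported as REPLACED and groups the hooked service-table targets by memory page. The line patterns are inferred from this one report, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Registry and driver lines copied from the RKreport in the post above.
REPORT = r"""
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7AA4CAC)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7AA4C66)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7AA4C5C)
SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7AA4C6B)
SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7AA4C75)
SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7AA4C7A)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7AA4CCF)
SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7AA4C84)
SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7AA4C7F)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7AA4CBB)
SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7AA4CC5)
SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7AA4C70)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7AA4CDE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7AA4CE3)
"""

# "[TAG] key : value (data) -> action"  (assumed layout, taken from the lines above)
REG_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<value>.+?) "
    r"\((?P<data>[^)]*)\) -> (?P<action>.+)$", re.MULTILINE)
# "SSDT[n] : Name @ original -> HOOKED (owner @ target)"; S_SSDT lines have no original
HOOK_RE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\] : (?P<name>\w+)"
    r"(?: @ (?P<orig>0x[0-9A-Fa-f]+))? -> HOOKED "
    r"\((?P<owner>.+?) @ (?P<target>0x[0-9A-Fa-f]+)\)$", re.MULTILINE)


def registry_entries(report):
    """Return one dict per registry finding: tag, key, value, data, action."""
    return [m.groupdict() for m in REG_RE.finditer(report)]


def fix_applied(entries, value_name):
    """True only if the named value is reported as REPLACED."""
    return any(e["value"] == value_name and e["action"].startswith("REPLACED")
               for e in entries)


def hooks(report):
    """Return one dict per hooked service-table slot, addresses as integers."""
    found = []
    for m in HOOK_RE.finditer(report):
        h = m.groupdict()
        h["index"] = int(h["index"])
        h["orig"] = int(h["orig"], 16) if h["orig"] else None
        h["target"] = int(h["target"], 16)
        found.append(h)
    return found


def hooks_by_page(hook_list, page_size=0x1000):
    """Group hooked function names by the 4 KiB page their new target lies in."""
    pages = defaultdict(list)
    for h in hook_list:
        pages[h["target"] // page_size].append(h["name"])
    return dict(pages)


if __name__ == "__main__":
    entries = registry_entries(REPORT)
    print("DisableSR fixed:", fix_applied(entries, "DisableSR"))
    for page, names in hooks_by_page(hooks(REPORT)).items():
        print(f"page 0x{page:05X}xxx: {len(names)} hooks: {', '.join(names)}")
```

Every hook target in this report falls in the same 4 KiB page, which is consistent with a single driver having installed them; the report labels the owner "Unknown", so naming it requires the loaded-driver list, which the report does not include.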
gumdrop Posted December 17, 2012 Author ID:624124

Checkpoint confirms that Zonealarm Pro is a firewall only, with no anti-virus element.
Maurice Naggar Posted December 17, 2012 ID:624221

Like I noted before, Tea Timer must stay OFF while we do fixing and cleaning....otherwise it will interfere and revert fixes.
Unless you are yourself more familiar with it, I'd suggest you not have it on in the future.
Safer pc-usage practices and safer web-practices by you will help to lessen odds of future infection.
You can use Spybot in the future, as an on-demand tool.

As to what and if anything was stolen, I cannot guesstimate at this point.

For now, do these next. There will be more later, as we are not done.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.
When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Logoff and Restart the system fresh.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
If you have a prior copy of Combofix, delete it now !
Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.
If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.
Link 1
Link 2
* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on Combo-Fix.exe, accept the EULA & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.
[2] Do not mouseclick combofix's window nor run any program while Combofix is running. That may cause it to stall.
[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?
RE-Enable your AntiVirus application.
gumdrop Posted December 17, 2012 Author ID:624245

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/17/2012 04:57:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * C:\WINDOWS\system32\igfxtray.exe (PID: 1440) [WD-HEUR]
 * C:\WINDOWS\system32\hkcmd.exe (PID: 1500) [WD-HEUR]
2 proccesses terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 * HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * System Restore Service (srservice) is not Running. Startup Type set to: Automatic
 * System Restore Filter Driver (sr) is not Running. Startup Type set to: Disabled
 * HidServ [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 * HOSTS file entries found:
 20 out of 14988 HOSTS entries shown. Please review HOSTS file for further entries.

Program finished at: 12/17/2012 04:58:11 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
gumdrop Posted December 17, 2012 Author ID:624302

Can not get Combofix to work. Downloaded with changed name, firewall and anti-virus disabled, clicked run, tried to make restore point, found recovery not installed, installed, ok.
Then 3 lines of text on a blue background:
Scanning for infected files,
Typically ....10 mins
Badly infected........double
and then the PC freezes and need to power off on tower.
Used Link 1, Link 2 seemed in code
Maurice Naggar Posted December 17, 2012 ID:624303

No, please do NOT try any restore operation.
What is the name of Combofix.exe on your Desktop?
Look at my instructions closer and you should be able to start it.
Make sure you agree to the EULA and watch it as it starts for the 1st few minutes.

gumdrop Posted December 17, 2012 Author ID:624352

Combo-fix.exe
gumdrop Posted December 17, 2012 Author ID:624368

Hi..........I didn't try to restore, combo-fix on its blue dialog box said that was what it was trying to do, to set a new restore point. It has installed recovery because that now shows at each logon. After that it seems to stall, the clock in the bottom right stops working. I left the first scan for 50 mins, I will try tomorrow for longer.

I am getting concerned about the data that might be being removed and would like your advice on immediate precautions. Would changing passwords now work or would the new password be stolen as it's changed?

And would it be appropriate to use a previous Acronis backup from before the infection to get rid of any problem? The problem then is that I would never know what had hit me and what I might have lost.

Your advice please.
gumdrop Posted December 18, 2012 Author ID:624475

I ran 2 scans overnight. The first started as described above and the windows clock stopped 1 min after combo-fix said it was scanning. Left it for 2 hours with no result. PC frozen. At 07.16 this morning I deleted combo-fix and downloaded it again and changed its name before it downloaded. Turned off avira and left ZA running. Again combo tried to make a new restore point and told me it was scanning. I allowed all ZA alerts and the scan continued for 95mins before the monitor shutdown kicked in and froze the PC. Up to that time windows clock was running. I will try again leaving more time before the monitor turns itself off. In the blue combo screen nothing was added after the note saying heavily infected computers took a long time to scan.
Maurice Naggar Posted December 18, 2012 ID:624505

As to changing of passwords, ONLY do that for online passwords but using another but clean system.
In other words, if you do change passwords, you must do it using a clean system !
As to restoration by using Acronis, you may consider that.... IF you have a full system image from a known good backup.
Let me know what you decide.

Please stop trying to run any more Combofix. If needed, we could run other tools.

BTW, Combofix will at the start, try to save a system restore point IF Windows System restore service is available.
And on XP systems, it will attempt to install the XP Recovery Console at the beginning.
Also that last "note" you mentioned is just general information, and not necessarily something specific to your system.

Other notes:
IF this system is a notebook system (or laptop) it is a good practice to have it powered directly to a UPS system or to wall-electric power.
And as to ZoneAlarm, I personally would have disabled ZA & just turned on the Windows firewall service.
ZA adds more complications in these situations.
gumdrop Posted December 18, 2012 Author ID:624510

Thanks for the response. If we can check the problem that would be good as it might indicate any data that has been taken. I have started changing passwords on a separate netbook. I have tried getting combo to run all day, the last time it asked ZA to allow Catchme and then mbr.3XE. The windows clock froze at that time. The cursor is still alive in the blue combo box but nothing is happening. As much as possible I am keeping the infected machine disabled from the internet. Please let me know what we can try next. If all fails I do have a clean acronis image but it will be a couple of months old.
Maurice Naggar Posted December 18, 2012 ID:624521

IF Combofix has been "running" and it has been more than an hour.....try CTRL+ALT+DEL to stop and reboot the system.

Run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.
To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps are:
a) Download and SAVE the tool to a unique folder/location on your pc
b) Create the CD/DVD/USB-flash drive with tool
c) Set pc to boot from the offline media
d) Place media in & restart system
e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
The frequently asked questions for this tool http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq
Another How-to article on WDO http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html
gumdrop Posted December 18, 2012 Author ID:624544

Thanks again but still not a lot of luck. I created media on a usb flash drive and defender was happy with the creation. Set the PC running and a black screen with a blue windows logo came up, the usb flashing away. After 5 mins an error message came up 0x0000005D telling me to hold down the power button as the system needed to re-start. I decided to re install the tool but instead of re-formatting defender just added 68mb of data and again said it was happy. Again after 5 mins the same error message to restart. I thought of trying it via DVD but that requires yet more software to be used. What would you advise? I will not have time until early tomorrow to try again...Thanks
Maurice Naggar Posted December 18, 2012 ID:624555

Are you sure you set the pc's BIOS boot sequence to boot 1st from USB?
and then put the USB flash in the drive?
and then powered up the pc, fresh?

gumdrop Posted December 18, 2012 Author ID:624589

No I was using F12. Boot sequence does not have flash drive, just diskette, hdd, cdrom, integrated NIC. F12 does have flash drive, I guess I will need to download software and use cdrom?
gumdrop Posted December 19, 2012 Author ID:624835

Created DVD successfully and changed startup to cd-rom. Booted up, asked to hit any key to boot from CD-rom, ok, black screen blue logo, 5 mins and error code as before, push button to power down PC. Windows is password protected, do I need to change that?

gumdrop Posted December 19, 2012 Author ID:624867

Hi.................As the infected PC is not being used for anything at present and is disconnected from the internet I have un-installed both Antivir & Zonealarm. Booting from Defenders media as you set out is still not working, 5mins and it's asking for a restart.