
PUM Hijack Taskmaster, Please Help



Hi there,

My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


<div>

<div>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013</div>

<div>Ran by BOSS (administrator) on 12-06-2013 00:42:39</div>

<div>Running from D:\My Documents\Downloads</div>

<div>Microsoft Windows XP Service Pack 3, v.3264 (X86) OS Language: English(US)</div>

<div>Internet Explorer Version 6</div>

<div>Boot Mode: Normal</div>

<div> </div>

<div>==================== Processes (Whitelisted) ===================</div>

<div> </div>

<div>(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe</div>

<div>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe</div>

<div>(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe</div>

<div>(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe</div>

<div>(Google) C:\Program Files\Google\Google Talk\googletalk.exe</div>

<div>(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</div>

<div>(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE</div>

<div>(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe</div>

<div>(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe</div>

<div>(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe</div>

<div>() C:\Program Files\DivX\DivX Update\DivXUpdate.exe</div>

<div>(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe</div>

<div>(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe</div>

<div>(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe</div>

<div>(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe</div>

<div>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe</div>

<div>(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe</div>

<div>(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe</div>

<div>(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe</div>

<div>(Realtek Semiconductor Corp.) C:\DOCUME~1\BOSS\LOCALS~1\Temp\RtkBtMnt.exe</div>

<div>(Microsoft Corporation) C:\system32\SystemProtection.exe</div>

<div>(Microsoft Corporation) C:\WINDOWS\System32\WScript.exe</div>

<div>(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</div>

<div>(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup</div>

<div> </div>

<div>==================== Registry (Whitelisted) ==================</div>

<div> </div>

<div>HKLM\...\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)</div>

<div>HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)</div>

<div>HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]</div>

<div>HKLM\...\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe [94208 2008-07-03] (sonix)</div>

<div>HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [x]</div>

<div>HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]</div>

<div>HKLM\...\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-18] (Realtek Semiconductor Corp.)</div>

<div>HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)</div>

<div>HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]</div>

<div>HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)</div>

<div>HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)</div>

<div>HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [x]</div>

<div>HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)</div>

<div>HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()</div>

<div>HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-30] ()</div>

<div>HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)</div>

<div>HKLM\...\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [738984 2012-11-22] (Check Point Software Technologies)</div>

<div>HKLM\...\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)</div>

<div>HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)</div>

<div>HKLM\...\Policies\Explorer\Run: [updates] "C:\system32\SystemProtection.exe" /e:VBScript.Encode "C:\kernel\r00t3r" [x]</div>

<div>HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-06-10] (BitTorrent Inc.)</div>

<div>HKCU\...\Run: [tmp]  [x]</div>

<div>HKCU\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</div>

<div>HKCU\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)</div>

<div>HKCU\...\Policies\system: [disabletaskmgr] 1</div>

<div>HKCU\...\Policies\system: [DisableRegistryTools] 0</div>

<div>MountPoints2: {1888800c-fcd1-11df-a792-00262d62face} - G:\eer6ril9.exe</div>

<div>MountPoints2: {1d0bc11e-0b8d-11e0-a79b-ac06d30302b2} - G:\AutoRun.exe</div>

<div>MountPoints2: {1d0bc121-0b8d-11e0-a79b-ac06d30302b2} - G:\AutoRun.exe</div>

<div>MountPoints2: {1f2e699e-2e58-11e0-a7bd-b49e86132851} - G:\AutoRun.exe</div>

<div>MountPoints2: {287f1621-8b53-11e2-9e14-8cb1ef59c379} - I:\.\Setup.exe AUTORUN=1</div>

<div>MountPoints2: {423c849c-5940-11e0-a7e2-00262d62face} - H:\urDrive.exe</div>

<div>MountPoints2: {5676ef9d-1747-11df-b2a7-806d6172696f} - E:\setupSNK.exe</div>

<div>MountPoints2: {584c3f96-18f4-11e0-a7a6-bc2367740bb3} - G:\AutoRun.exe</div>

<div>MountPoints2: {ae5856ec-9168-11e2-9e1b-00262d62face} - H:\AutoRun.exe</div>

<div>MountPoints2: {ae5856f0-9168-11e2-9e1b-00262d62face} - H:\AutoRun.exe</div>

<div>MountPoints2: {b8bec3e8-348e-11e0-a7c0-ab0b650f2362} - G:\AutoRun.exe</div>

<div>MountPoints2: {c417d84c-0d4c-11e0-a79f-8001353a7426} - G:\AutoRun.exe</div>

<div>HKU\Administrator\...\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [ 2010-01-07] (Symantec Corporation)</div>

<div>HKU\Default User\...\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [ 2010-01-07] (Symantec Corporation)</div>

<div>Lsa: [Authentication Packages] msv1_0 nwprovau</div>

<div>Lsa: [Notification Packages] scecli scecli</div>

<div>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk</div>

<div>ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)</div>

<div> </div>

<div>==================== Internet (Whitelisted) ====================</div>

<div> </div>

<div>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=0f120a7f217c49ad8d074164ad8c6d69&tu=10GA0008U2B0008&sku=&tstsId=&ver=&</div>

<div>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie</div>

<div>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</div>

<div>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm</div>

<div>URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.</div>

<div>SearchScopes: HKLM - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = </div>

<div>SearchScopes: HKLM - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = </div>

<div>HKCU SearchScopes: DefaultScope {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL = </div>

<div>SearchScopes: HKCU - {1333003B-93C6-4947-9C70-B9809696ED05} URL = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}</div>

<div>SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL = </div>

<div>SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={AE2D0EEC-B1FE-4429-B975-F5F0F7B156E9}&mid=&lang=en&ds=hk011&pr=sa&d=2012-09-08 22:43:31&v=12.1.0.20&sap=dsp&q={searchTerms}</div>

<div>SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468</div>

<div>SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb</div>

<div>BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</div>

<div>BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)</div>

<div>BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)</div>

<div>BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File</div>

<div>BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} -  No File</div>

<div>BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)</div>

<div>BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)</div>

<div>BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)</div>

<div>Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)</div>

<div>Toolbar: HKCU -No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File</div>

<div>Handler: ipp - No CLSID Value - </div>

<div>Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File</div>

<div>Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)</div>

<div>Handler: msdaipp - No CLSID Value - </div>

<div>Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File</div>

<div>Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)</div>

<div>Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)</div>

<div>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</div>

<div>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</div>

<div> </div>

<div>FireFox:</div>

<div>========</div>

<div>FF ProfilePath: C:\Documents and Settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default</div>

<div>FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_75.dll ()</div>

<div>FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>

<div>FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()</div>

<div>FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)</div>

<div>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>

<div>FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>

<div>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File</div>

<div>FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF Extension: Iplex to ALLPlayer - C:\Documents and Settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\Extensions\IplextoALL@ALLPlayer.org</div>

<div>FF Extension: No Name - C:\Documents and Settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}</div>

<div>FF Extension: Спутник @Mail.Ru - C:\Documents and Settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}(2)</div>

<div>FF Extension: uTorrentControl_v2  - C:\Documents and Settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}</div>

<div> </div>

<div>Chrome: </div>

<div>=======</div>

<div>CHR HomePage: hxxp://www.ask.com/?l=dis&o=APN10251cr&gct=hp</div>

<div>CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.b1.org/?bsrc=hrcor", "hxxp://isearch.babylon.com/?affID=120296&babsrc=HP_ss&mntrId=7c2d7688000000000000000d60ab0828", "hxxp://websearch.helpmefindyour.info/?pid=317&r=2013/03/19&hid=3301837703&lg=EN&cc=TN", "hxxp://search.filebulldog.com/vmn/4E2C0B563A94D623A22CBE5163D45CD9", "hxxp://www.searchnu.com/406?appid=484", "hxxp://fr.msn.com/?pc=UP21&ocid=UP21DHP&dt=052313"</div>

<div>CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</div>

<div>CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</div>

<div>CHR Plugin: (Remoting Viewer) - internal-remoting-viewer</div>

<div>CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()</div>

<div>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()</div>

<div>CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File</div>

<div>CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File</div>

<div>CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</div>

<div>CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File</div>

<div>CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File</div>

<div>CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)</div>

<div>CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File</div>

<div>CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)</div>

<div>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)</div>

<div>CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File</div>

<div>CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)</div>

<div>CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)</div>

<div>CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)</div>

<div>CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>

<div>CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll No File</div>

<div>CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File</div>

<div>CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File</div>

<div>CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File</div>

<div>CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File</div>

<div>CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File</div>

<div>CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>

<div>CHR Extension: (Angry Birds) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0</div>

<div>CHR Extension: (YouTube) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0</div>

<div>CHR Extension: (GeoGebra) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0</div>

<div>CHR Extension: (Google Search) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0</div>

<div>CHR Extension: (The Fancy Pants Adventure: World 3) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbcngjbohcohhdbfabkbmccchfflfnnn\1.5.1_0</div>

<div>CHR Extension: (Translation Bar) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\innppdgohibodgdhonllhfggjddbplgb\1.11</div>

<div>CHR Extension: (Gmail) - C:\Documents and Settings\BOSS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1</div>

<div> </div>

<div>========================== Services (Whitelisted) =================</div>

<div> </div>

<div>R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)</div>

<div>S2 gupdate1cac3e2ce595d4e; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-03-15] (Google Inc.)</div>

<div>R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-22] (Check Point Software Technologies)</div>

<div>R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2007-11-30] (Microsoft Corporation)</div>

<div>R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)</div>

<div>S2 ACS; C:\WINDOWS\system32\acs.exe [x]</div>

<div>R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]</div>

<div> </div>

<div>==================== Drivers (Whitelisted) ====================</div>

<div> </div>

<div>S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)</div>

<div>R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1570240 2009-06-03] (Atheros Communications, Inc.)</div>

<div>R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)</div>

<div>R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)</div>

<div>R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)</div>

<div>R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()</div>

<div>R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)</div>

<div>R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)</div>

<div>R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)</div>

<div>R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()</div>

<div>S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2007-11-30] (Microsoft Corporation)</div>

<div>R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-10-08] (DT Soft Ltd)</div>

<div>R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider)</div>

<div>S3 hspa_zi_cdc_acm; C:\Windows\System32\DRIVERS\hspa_zi_cdc_acm.sys [67968 2012-02-14] (HSPA)</div>

<div>S3 hspa_zi_cdc_ecm; C:\Windows\System32\DRIVERS\hspa_zi_cdc_ecm.sys [32768 2012-02-14] (HSPA)</div>

<div>S3 hspa_zi_ecm_enum; C:\Windows\System32\DRIVERS\hspa_zi_ecm_enum.sys [47488 2012-02-14] (HSPA)</div>

<div>S3 hspa_zi_ecm_enum_filter; C:\Windows\System32\DRIVERS\hspa_zi_ecm_enum_filter.sys [47488 2012-02-14] (HSPA)</div>

<div>R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [39656 2012-07-24] (AnchorFree Inc.)</div>

<div>S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [91136 2013-03-08] (Huawei Technologies Co., Ltd.)</div>

<div>R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-22] (Check Point Software Technologies)</div>

<div>R3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [186880 2008-09-03] (Broadcom Corporation)</div>

<div>S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)</div>

<div>S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2007-11-30] (Microsoft Corporation)</div>

<div>S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2007-11-30] (Microsoft Corporation)</div>

<div>R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2007-11-30] (Microsoft Corporation)</div>

<div>R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)</div>

<div>R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)</div>

<div>R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2007-11-30] (Microsoft Corporation)</div>

<div>S3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [158720 2008-10-07] (Realtek Semiconductor Corp.)</div>

<div>S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2007-11-30] (Microsoft Corporation)</div>

<div>R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-09-11] ()</div>

<div>S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2007-11-30] (Microsoft Corporation)</div>

<div>S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-24] (AnchorFree Inc)</div>

<div>R1 Vsdatant; C:\Windows\System32\vsdatant.sys [527848 2013-03-27] (Check Point Software Technologies LTD)</div>

<div>S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2007-11-30] (Microsoft Corporation)</div>

<div>S4 Abiosdsk; No ImagePath</div>

<div>S4 abp480n5; No ImagePath</div>

<div>S4 adpu160m; No ImagePath</div>

<div>S4 Aha154x; No ImagePath</div>

<div>S4 aic78u2; No ImagePath</div>

<div>S4 aic78xx; No ImagePath</div>

<div>S4 AliIde; No ImagePath</div>

<div>S4 amsint; No ImagePath</div>

<div>S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [x]</div>

<div>S4 asc; No ImagePath</div>

<div>S4 asc3350p; No ImagePath</div>

<div>S4 asc3550; No ImagePath</div>

<div>S4 Atdisk; No ImagePath</div>

<div>S3 btaudio; system32\drivers\btaudio.sys [x]</div>

<div>S3 BTDriver; system32\DRIVERS\btport.sys [x]</div>

<div>S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [x]</div>

<div>S3 btwhid; system32\DRIVERS\btwhid.sys [x]</div>

<div>S3 BTWUSB; System32\Drivers\btwusb.sys [x]</div>

<div>S4 cd20xrnt; No ImagePath</div>

<div>S1 Changer; No ImagePath</div>

<div>S4 CmdIde; No ImagePath</div>

<div>S4 Cpqarray; No ImagePath</div>

<div>U4 dac2w2k; No ImagePath</div>

<div>S4 dac960nt; No ImagePath</div>

<div>S4 dpti2o; No ImagePath</div>

<div>S3 flash; \??\E:\INSTALL\BIOS_ACER_1.25_Windows_Aspire 5738\Winflash32\flash.sys [x]</div>

<div>S4 hpn; No ImagePath</div>

<div>S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]</div>

<div>S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]</div>

<div>S1 i2omgmt; No ImagePath</div>

<div>S4 i2omp; No ImagePath</div>

<div>S4 ini910u; No ImagePath</div>

<div>S4 IntelIde; No ImagePath</div>

<div>S1 lbrtfdc; No ImagePath</div>

<div>S4 mraid35x; No ImagePath</div>

<div>S1 PCIDump; No ImagePath</div>

<div>S3 PDCOMP; No ImagePath</div>

<div>S3 PDFRAME; No ImagePath</div>

<div>S3 PDRELI; No ImagePath</div>

<div>S3 PDRFRAME; No ImagePath</div>

<div>S4 perc2; No ImagePath</div>

<div>S4 perc2hib; No ImagePath</div>

<div>S4 ql1080; No ImagePath</div>

<div>S4 Ql10wnt; No ImagePath</div>

<div>S4 ql12160; No ImagePath</div>

<div>S4 ql1240; No ImagePath</div>

<div>S4 ql1280; No ImagePath</div>

<div>S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [x]</div>

<div>S4 Simbad; No ImagePath</div>

<div>S4 Sparrow; No ImagePath</div>

<div>S4 symc810; No ImagePath</div>

<div>S4 symc8xx; No ImagePath</div>

<div>S4 sym_hi; No ImagePath</div>

<div>S4 sym_u3; No ImagePath</div>

<div>S4 TosIde; No ImagePath</div>

<div>S4 ultra; No ImagePath</div>

<div>S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]</div>

<div>S4 ViaIde; No ImagePath</div>

<div>S3 WDICA; No ImagePath</div>

<div>U1 WS2IFSL; </div>

<div>S3 WSIMD; system32\DRIVERS\wsimd.sys [x]</div>

<div>S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]</div>

<div>S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]</div>

<div>S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]</div>

<div> </div>

<div>==================== NetSvcs (Whitelisted) ===================</div>

<div> </div>

<div> </div>

<div>==================== One Month Created Files and Folders ========</div>

<div> </div>

<div>2013-06-12 00:41 - 2013-06-12 00:41 - 00000000 ___DC C:\FRST</div>

<div>2013-06-11 17:13 - 2013-06-11 17:13 - 00033095 ____A C:\Documents and Settings\BOSS\Desktop\mbam-log-2013-01-02 (16-13-44).zip</div>

<div>2013-06-11 10:51 - 2013-06-11 19:34 - 00000000 ___RD C:\Program Files\Skype</div>

<div>2013-06-11 10:51 - 2013-06-11 10:51 - 00000000 ____D C:\Program Files\Common Files\Skype</div>

<div>2013-06-10 17:32 - 2013-06-10 17:32 - 00000716 ____A C:\Documents and Settings\BOSS\Desktop\KMPlayer.lnk</div>

<div>2013-06-10 17:18 - 2013-06-10 17:21 - 32642064 ____A C:\Documents and Settings\BOSS\Desktop\KMPlayer_3-6-0-87.exe</div>

<div>2013-06-10 13:06 - 2013-06-11 19:32 - 00000312 ___AH C:\Windows\Tasks\avast! Emergency Update.job</div>

<div>2013-06-10 13:06 - 2013-06-10 13:06 - 00001695 ____A C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk</div>

<div>2013-06-10 13:06 - 2013-06-10 13:06 - 00000000 ____D C:\Documents and Settings\BOSS\Local Settings\Application DataGoogle</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:59 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys</div>

<div>2013-06-10 13:06 - 2013-05-09 09:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe</div>

<div>2013-06-10 13:05 - 2013-06-10 13:05 - 00000000 ____D C:\Program Files\AVAST Software</div>

<div>2013-06-10 13:05 - 2013-05-09 09:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr</div>

<div>2013-06-10 13:02 - 2013-06-10 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software</div>

<div>2013-06-10 12:51 - 2013-06-10 18:03 - 00417564 ____A C:\Windows\System32\vsconfig.xml</div>

<div>2013-06-10 12:51 - 2013-06-10 12:51 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\CheckPoint</div>

<div>2013-06-10 12:48 - 2013-06-10 12:48 - 00000539 ____A C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk</div>

<div>2013-06-10 12:46 - 2013-06-10 12:48 - 00000000 ____D C:\Program Files\CheckPoint</div>

<div>2013-06-10 12:46 - 2013-06-10 12:46 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD</div>

<div>2013-06-10 12:46 - 2013-06-10 12:46 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\Check Point Software Technologies LTD</div>

<div>2013-06-10 12:44 - 2013-06-10 12:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint</div>

<div>2013-05-27 13:05 - 2013-05-27 13:05 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\How to Win Friends & Influence People</div>

<div>2013-05-27 10:15 - 2007-11-30 17:24 - 00020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flpydisk.sys</div>

<div>2013-05-27 10:15 - 2007-11-30 17:24 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys</div>

<div>2013-05-27 10:14 - 2013-06-10 23:33 - 00000000 _SHDC C:\Kernel</div>

<div>2013-05-26 19:02 - 2013-05-31 22:43 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\Global LT</div>

<div>2013-05-16 14:10 - 2013-05-16 14:10 - 00844854 ____A C:\Windows\KMPBitmap.bmp</div>

<div> </div>

<div>==================== One Month Modified Files and Folders ========</div>

<div> </div>

<div>2013-06-12 00:44 - 2012-10-12 18:07 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\uTorrent</div>

<div>2013-06-12 00:41 - 2013-06-12 00:41 - 00000000 ___DC C:\FRST</div>

<div>2013-06-12 00:34 - 2010-02-14 19:57 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\Skype</div>

<div>2013-06-12 00:31 - 2010-03-15 03:02 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>2013-06-12 00:29 - 2012-04-29 06:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div>

<div>2013-06-12 00:00 - 2012-09-17 17:31 - 00000346 ____A C:\Windows\Tasks\Windows Codec Update Service.job</div>

<div>2013-06-11 21:31 - 2010-02-11 19:17 - 00032630 ____A C:\Windows\SchedLgU.Txt</div>

<div>2013-06-11 19:40 - 2012-09-30 08:00 - 00000000 ____D C:\Program Files\The KMPlayer</div>

<div>2013-06-11 19:34 - 2013-06-11 10:51 - 00000000 ___RD C:\Program Files\Skype</div>

<div>2013-06-11 19:34 - 2010-02-14 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype</div>

<div>2013-06-11 19:33 - 2010-02-11 19:13 - 01841919 ____A C:\Windows\WindowsUpdate.log</div>

<div>2013-06-11 19:32 - 2013-06-10 13:06 - 00000312 ___AH C:\Windows\Tasks\avast! Emergency Update.job</div>

<div>2013-06-11 19:32 - 2010-02-11 19:12 - 00000000 ____D C:\Windows\System32\Restore</div>

<div>2013-06-11 19:31 - 2011-09-13 21:32 - 00000276 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1957994488-839522115-1003.job</div>

<div>2013-06-11 19:31 - 2010-03-15 03:02 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>2013-06-11 19:31 - 2010-02-11 21:04 - 00000159 ____A C:\Windows\wiadebug.log</div>

<div>2013-06-11 19:31 - 2010-02-11 21:04 - 00000050 ____A C:\Windows\wiaservc.log</div>

<div>2013-06-11 19:31 - 2010-02-11 19:18 - 00000062 __ASH C:\Documents and Settings\BOSS\Local Settings\desktop.ini</div>

<div>2013-06-11 19:31 - 2010-02-11 19:17 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div>

<div>2013-06-11 19:30 - 2010-02-11 19:17 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</div>

<div>2013-06-11 19:30 - 2010-02-11 19:17 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini</div>

<div>2013-06-11 19:23 - 2010-02-11 19:18 - 00000178 ___SH C:\Documents and Settings\BOSS\ntuser.ini</div>

<div>2013-06-11 17:13 - 2013-06-11 17:13 - 00033095 ____A C:\Documents and Settings\BOSS\Desktop\mbam-log-2013-01-02 (16-13-44).zip</div>

<div>2013-06-11 10:52 - 2010-12-29 13:43 - 00000000 ____D C:\Program Files\Windows Live</div>

<div>2013-06-11 10:51 - 2013-06-11 10:51 - 00000000 ____D C:\Program Files\Common Files\Skype</div>

<div>2013-06-11 10:46 - 2010-12-29 13:44 - 00000000 ____D C:\Documents and Settings\BOSS\Tracing</div>

<div>2013-06-11 01:30 - 2010-02-11 21:01 - 01075244 ____A C:\Windows\setupapi.log</div>

<div>2013-06-10 23:33 - 2013-05-27 10:14 - 00000000 _SHDC C:\Kernel</div>

<div>2013-06-10 21:00 - 2010-02-11 21:01 - 00139648 ____A C:\Windows\System32\FNTCACHE.DAT</div>

<div>2013-06-10 19:57 - 2012-10-11 09:20 - 00000000 ____D C:\Documents and Settings\BOSS\Local Settings\Application Data\Conduit</div>

<div>2013-06-10 19:43 - 2010-02-11 21:01 - 00007243 ____A C:\Windows\setupact.log</div>

<div>2013-06-10 19:43 - 2010-02-11 19:29 - 00000000 ____D C:\Windows\System32\ReinstallBackups</div>

<div>2013-06-10 19:10 - 2011-01-05 18:52 - 00000000 ____D C:\Windows\System32\SupportAppXL</div>

<div>2013-06-10 19:09 - 2010-02-11 19:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information</div>

<div>2013-06-10 18:19 - 2010-03-15 02:56 - 00000000 ____D C:\Program Files\Google</div>

<div>2013-06-10 18:19 - 2010-03-15 02:56 - 00000000 ____D C:\Documents and Settings\BOSS\Local Settings\Application Data\Google</div>

<div>2013-06-10 18:03 - 2013-06-10 12:51 - 00417564 ____A C:\Windows\System32\vsconfig.xml</div>

<div>2013-06-10 17:39 - 2012-10-12 18:09 - 00000000 ____D C:\Program Files\uTorrent</div>

<div>2013-06-10 17:32 - 2013-06-10 17:32 - 00000716 ____A C:\Documents and Settings\BOSS\Desktop\KMPlayer.lnk</div>

<div>2013-06-10 17:21 - 2013-06-10 17:18 - 32642064 ____A C:\Documents and Settings\BOSS\Desktop\KMPlayer_3-6-0-87.exe</div>

<div>2013-06-10 13:07 - 2010-02-11 20:50 - 00000000 ____D C:\Program Files\Mozilla Thunderbird</div>

<div>2013-06-10 13:06 - 2013-06-10 13:06 - 00001695 ____A C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk</div>

<div>2013-06-10 13:06 - 2013-06-10 13:06 - 00000000 ____D C:\Documents and Settings\BOSS\Local Settings\Application DataGoogle</div>

<div>2013-06-10 13:06 - 2010-02-11 19:14 - 00002577 ____A C:\Windows\System32\CONFIG.NT</div>

<div>2013-06-10 13:05 - 2013-06-10 13:05 - 00000000 ____D C:\Program Files\AVAST Software</div>

<div>2013-06-10 13:05 - 2013-06-10 13:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software</div>

<div>2013-06-10 12:51 - 2013-06-10 12:51 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\CheckPoint</div>

<div>2013-06-10 12:48 - 2013-06-10 12:48 - 00000539 ____A C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk</div>

<div>2013-06-10 12:48 - 2013-06-10 12:46 - 00000000 ____D C:\Program Files\CheckPoint</div>

<div>2013-06-10 12:46 - 2013-06-10 12:46 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD</div>

<div>2013-06-10 12:46 - 2013-06-10 12:46 - 00000000 ____D C:\Documents and Settings\BOSS\Application Data\Check Point Software Technologies LTD</div>

<div>2013-06-10 12:44 - 2013-06-10 12:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint</div>

<div>2013-06-10 11:29 - 2012-04-29 06:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe</div>

<div>2013-06-10 11:29 - 2011-06-01 14:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl</div>

<div>2013-06-10 09:52 - 2004-08-04 13:00 - 00002206 ____A C:\Windows\System32\wpa.dbl</div>

<div>2013-06-01 20:00 - 2010-02-11 21:09 - 00000738 ____A C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - BOSS.job</div>

<div>2013-05-31 22:43 - 2013-05-26 19:02 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\Global LT</div>

<div>2013-05-30 01:18 - 2010-03-15 03:00 - 00000284 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1957994488-839522115-1003.job</div>

<div>2013-05-29 09:50 - 2010-05-12 17:51 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job</div>

<div>2013-05-27 13:05 - 2013-05-27 13:05 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\How to Win Friends & Influence People</div>

<div>2013-05-27 12:56 - 2010-02-11 21:02 - 00423914 ____A C:\Windows\System32\PerfStringBackup.INI</div>

<div>2013-05-27 09:32 - 2012-10-01 20:58 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\democracy</div>

<div>2013-05-24 13:40 - 2011-04-20 16:05 - 00025560 ____A C:\Documents and Settings\BOSS\Application Data\GDIPFONTCACHEV1.DAT</div>

<div>2013-05-22 23:36 - 2012-05-03 10:55 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\Various Photos and Images</div>

<div>2013-05-16 14:10 - 2013-05-16 14:10 - 00844854 ____A C:\Windows\KMPBitmap.bmp</div>

<div>2013-05-13 01:44 - 2012-11-30 22:54 - 00000000 ____D C:\Documents and Settings\BOSS\Desktop\Max and Anya</div>

<div> </div>

<div>==================== Bamital & volsnap Check =================</div>

<div> </div>

<div>C:\Windows\explorer.exe</div>

<div>[2004-08-04 13:00] - [2007-11-30 23:26] - 1033728 ____A (Microsoft Corporation) e0ee428f4777a3cd8760bad61f87abed </div>

<div> </div>

<div>C:\Windows\System32\winlogon.exe</div>

<div>[2004-08-04 13:00] - [2007-11-30 23:26] - 0507904 ____A (Microsoft Corporation) 45ffe966290b9c4ba659325561de4830 </div>

<div> </div>

<div>C:\Windows\System32\svchost.exe</div>

<div>[2004-08-04 13:00] - [2007-11-30 23:26] - 0014336 ____A (Microsoft Corporation) 0c82b0ae50bb2bc8a96a753f4edc495f </div>

<div> </div>

<div>C:\Windows\System32\services.exe</div>

<div>[2010-02-11 19:27] - [2007-11-30 23:26] - 0108544 ____A (Microsoft Corporation) 76727219614a50b2db29bd0cda4260d5 </div>

<div> </div>

<div>C:\Windows\System32\User32.dll</div>

<div>[2004-08-04 13:00] - [2007-11-30 23:26] - 0578560 ____A (Microsoft Corporation) 6c74c62ecdc3981a7f1f8f1656b27871 </div>

<div> </div>

<div>C:\Windows\System32\userinit.exe</div>

<div>[2010-02-11 19:27] - [2007-11-30 23:26] - 0026112 ____A (Microsoft Corporation) 813b2e9c4caea05fba51a442fab7a95d </div>

<div> </div>

<div>C:\Windows\System32\Drivers\volsnap.sys</div>

<div>[2010-02-11 19:27] - [2007-11-30 16:25] - 0052352 ____A (Microsoft Corporation) 2abf037f9d447424b58d73706b55b762 </div>

<div> </div>

<div> </div>

<div>==================== End Of Log ============================</div>

</div>

<div> </div>

<div> </div>

<div>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-06-2013</div>

<div>Ran by BOSS at 2013-06-12 00:45:47 Run:</div>

<div>Running from D:\My Documents\Downloads</div>

<div>Boot Mode: Normal</div>

<div>==========================================================</div>

<div> </div>

<div> </div>

<div>==================== Installed Programs =======================</div>

<div> </div>

<div>µTorrent (Version: 3.3.0.29625)</div>

<div>Adobe AIR (Version: 3.5.0.1060)</div>

<div>Adobe Flash Player 11 ActiveX (Version: 11.8.800.75)</div>

<div>Adobe Flash Player 11 Plugin (Version: 11.8.800.75)</div>

<div>Adobe Reader 9.5.4 (Version: 9.5.4)</div>

<div>Adobe Shockwave Player 11.5 (Version: 11.5.7.609)</div>

<div>Agere Systems HDA Modem</div>

<div>Apple Application Support (Version: 2.3.2)</div>

<div>Apple Software Update (Version: 2.1.3.127)</div>

<div>Atheros Client Installation Program</div>

<div>Atheros Client Installation Program (Version: 7.0)</div>

<div>Atheros Driver Installation Program (Version: 5.2)</div>

<div>avast! Free Antivirus (Version: 8.0.1489.0)</div>

<div>Broadcom Gigabit NetLink Controller (Version: 11.34.02)</div>

<div>Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)</div>

<div>DAEMON Tools Lite (Version: 4.41.3.0173)</div>

<div>DivX Setup (Version: 2.6.1.22)</div>

<div>FLV Pro Player</div>

<div>FOX News Live Stream (Version: 1.0.562)</div>

<div>FOX News Live Stream (Version: v1.0.562)</div>

<div>FreeCall (Version: 4.08 build 645)</div>

<div>Google Chrome (Version: 27.0.1453.110)</div>

<div>Google Drive (Version: 1.9.4536.8202)</div>

<div>Google Talk (remove only)</div>

<div>Google Update Helper (Version: 1.3.21.145)</div>

<div>Intel® Graphics Media Accelerator Driver</div>

<div>Internet-based TOEFL</div>

<div>Java 7 Update 15 (Version: 7.0.150)</div>

<div>Java Auto Updater (Version: 2.1.9.0)</div>

<div>K-Lite Mega Codec Pack 5.0.5 (Version: 5.0.5)</div>

<div>KooBits 4.0 (Version: 4.0.1)</div>

<div>KooBits 4.0 (Version: 4.0.1.9)</div>

<div>Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)</div>

<div>Media Player Codec Pack 4.2.2 (Version: 4.2.2)</div>

<div>Microsoft Application Error Reporting (Version: 12.0.6012.5000)</div>

<div>Microsoft Choice Guard (Version: 2.0.48.0)</div>

<div>Microsoft Kernel-Mode Driver Framework Feature Pack 1.5</div>

<div>Microsoft Kernel-Mode Driver Framework Feature Pack 1.7</div>

<div>Microsoft Kernel-Mode Driver Framework Feature Pack 1.9</div>

<div>Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)</div>

<div>Microsoft Silverlight (Version: 5.1.20125.0)</div>

<div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)</div>

<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)</div>

<div>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)</div>

<div>Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)</div>

<div>MPC-HC 1.6.5.6366 (Version: 1.6.5.6366)</div>

<div>MSN</div>

<div>MSVCRT (Version: 14.0.1468.721)</div>

<div>MXpie Patch for WinMX Network/WPNP 3.6.3.6 (Version: 3.6.3.6)</div>

<div>neroxml (Version: 1.0.0)</div>

<div>Octoshape add-in for Adobe Flash Player</div>

<div>Opera 11.50 (Version: 11.50.1074)</div>

<div>QuickTime (Version: 7.73.80.64)</div>

<div>Realtek High Definition Audio Driver (Version: 5.10.0.5791)</div>

<div>Rosetta Stone V3 (Version: 3.0.35)</div>

<div>Segoe UI (Version: 14.0.4327.805)</div>

<div>Skype™ 6.5 (Version: 6.5.158)</div>

<div>Synaptics Pointing Device Driver (Version: 12.1.0.0)</div>

<div>The KMPlayer (remove only) (Version: 3.6.0.87)</div>

<div>Update Service (Version: 4.1.0)</div>

<div>USB2.0 Card Reader Software (Version: 6.0.6000.74)</div>

<div>VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)</div>

<div>VCRedistSetup (Version: 1.0.0)</div>

<div>WebCam (Version: 5.8.49001.2)</div>

<div>WebFldrs XP (Version: 9.50.7523)</div>

<div>Winamp (Version: 5.572 )</div>

<div>Winamp Detector Plug-in (Version: 1.0.0.1)</div>

<div>Windows Essentials Media Codec Pack 4.0 [32-Bit] (Version: 4.0)</div>

<div>Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)</div>

<div>Windows Live Call (Version: 14.0.8117.0416)</div>

<div>Windows Live Communications Platform (Version: 14.0.8117.416)</div>

<div>Windows Live Essentials (Version: 14.0.8117.0416)</div>

<div>Windows Live Essentials (Version: 14.0.8117.416)</div>

<div>Windows Live Messenger (Version: 14.0.8117.0416)</div>

<div>Windows Live Sign-in Assistant (Version: 5.000.818.5)</div>

<div>Windows Live Upload Tool (Version: 14.0.8014.1029)</div>

<div>Windows Media Format Runtime</div>

<div>Windows Media Player Firefox Plugin (Version: 1.0.0.8)</div>

<div>Windows XP Service Pack 3 (Version: 20071130.213629)</div>

<div>WinMX</div>

<div>ZoneAlarm Firewall (Version: 11.0.000.504)</div>

<div>ZoneAlarm Free Firewall (Version: 11.0.000.504)</div>

<div>ZoneAlarm LTD Toolbar</div>

<div>ZoneAlarm Security (Version: 11.0.000.504)</div>

<div>ZoneAlarm Security Toolbar  (Version: 1.8.11.11)</div>

<div>Архиватор WinRAR</div>

<div> </div>

<div>==================== Restore Points  =========================</div>

<div> </div>

<div>11-06-2013 18:33:20 System Checkpoint</div>

<div>Could not list Restore Points.</div>

<div> </div>

<div> </div>

<div>==================== Hosts content: ==========================</div>

<div> </div>

<div> </div>

<div>127.0.0.1       localhost</div>

<div> </div>

<div> </div>

<div>==================== Faulty Device Manager Devices =============</div>

<div> </div>

<div>Name: avast! Firewall NDIS Filter Miniport</div>

<div>Description: avast! Firewall NDIS Filter Miniport</div>

<div>Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}</div>

<div>Manufacturer: ALWIL Software</div>

<div>Service: aswNdis</div>

<div>Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)</div>

<div>Resolution: A registry problem was detected.</div>

<div> This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:</div>

<div>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</div>

<div>Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.</div>

<div> </div>

<div> </div>

<div>==================== Event log errors: =========================</div>

<div> </div>

<div>Application errors:</div>

<div>==================</div>

<div>Error: (06/10/2013 05:50:08 PM) (Source: Application Error) (User: )</div>

<div>Description: Faulting application skype.exe, version 6.3.0.107, faulting module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.</div>

<div>Processing media-specific event for [skype.exe!ws!]</div>

<div> </div>

<div>Error: (06/03/2013 09:36:54 AM) (Source: PandoraService.exe) (User: )</div>

<div>Description: Socket Error # 11001</div>

<div>Host not found.</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 2047</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 2047</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: Continuously busy for more than a second</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 6234</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 6234</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: Continuously busy for more than a second</div>

<div> </div>

<div>Error: (05/30/2013 09:13:00 AM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 4219</div>

<div> </div>

<div>Error: (05/30/2013 09:13:00 AM) (Source: Bonjour Service) (User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 4219</div>

<div> </div>

<div> </div>

<div>System errors:</div>

<div>=============</div>

<div>Error: (06/11/2013 07:31:51 PM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/11/2013 07:31:03 PM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/11/2013 07:30:59 PM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/11/2013 10:40:22 AM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/11/2013 10:40:01 AM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/11/2013 10:39:58 AM) (Source: DCOM) (User: NT AUTHORITY)</div>

<div>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID </div>

<div>{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}</div>

<div> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.</div>

<div> </div>

<div>Error: (06/10/2013 10:03:02 PM) (Source: 0) (User: )</div>

<div>Description: \Device\Harddisk0\D</div>

<div> </div>

<div>Error: (06/10/2013 10:02:59 PM) (Source: 0) (User: )</div>

<div>Description: \Device\Harddisk0\D</div>

<div> </div>

<div>Error: (06/10/2013 10:02:56 PM) (Source: 0) (User: )</div>

<div>Description: \Device\Harddisk0\D</div>

<div> </div>

<div>Error: (06/10/2013 10:02:53 PM) (Source: 0) (User: )</div>

<div>Description: \Device\Harddisk0\D</div>

<div> </div>

<div> </div>

<div>Microsoft Office Sessions:</div>

<div>=========================</div>

<div>Error: (06/10/2013 05:50:08 PM) (Source: Application Error)(User: )</div>

<div>Description: skype.exe6.3.0.107urlmon.dll6.0.2900.32640003b5ce</div>

<div> </div>

<div>Error: (06/03/2013 09:36:54 AM) (Source: PandoraService.exe)(User: )</div>

<div>Description: Socket Error # 11001</div>

<div>Host not found.</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 2047</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 2047</div>

<div> </div>

<div>Error: (05/31/2013 09:48:23 PM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: Continuously busy for more than a second</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 6234</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 6234</div>

<div> </div>

<div>Error: (05/30/2013 09:13:02 AM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: Continuously busy for more than a second</div>

<div> </div>

<div>Error: (05/30/2013 09:13:00 AM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledSPRetry 4219</div>

<div> </div>

<div>Error: (05/30/2013 09:13:00 AM) (Source: Bonjour Service)(User: )</div>

<div>Description: Task Scheduling Error: m->NextScheduledEvent 4219</div>

<div> </div>

<div> </div>

<div>==================== Memory info =========================== </div>

<div> </div>

<div>Percentage of memory in use: 48%</div>

<div>Total physical RAM: 3000.85 MB</div>

<div>Available physical RAM: 1536.99 MB</div>

<div>Total Pagefile: 4887.08 MB</div>

<div>Available Pagefile: 3237.88 MB</div>

<div>Total Virtual: 2047.88 MB</div>

<div>Available Virtual: 1949.51 MB</div>

<div> </div>

<div>==================== Drives ================================</div>

<div> </div>

<div>Drive c: (SYSTEM) (Fixed) (Total:29.29 GB) (Free:6.29 GB) NTFS ==>[Drive with boot components (Windows XP)]</div>

<div>Drive d: (DATA) (Fixed) (Total:146.49 GB) (Free:10.4 GB) NTFS</div>

<div>Drive e: (other) (Fixed) (Total:122.31 GB) (Free:38.64 GB) NTFS</div>

<div> </div>

<div>==================== MBR & Partition Table ==================</div>

<div> </div>

<div>========================================================</div>

<div>Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 17D217D1)</div>

<div>Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)</div>

<div>Partition 2: (Not Active) - (Size=269 GB) - (Type=OF Extended)</div>

<div> </div>

<div>==================== End Of Log ============================</div>


<div>00:45:55.0859 4100  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42</div>

<div>00:45:56.0859 4100  ============================================================</div>

<div>00:45:56.0859 4100  Current date / time: 2013/06/12 00:45:56.0859</div>

<div>00:45:56.0859 4100  SystemInfo:</div>

<div>00:45:56.0859 4100  </div>

<div>00:45:56.0859 4100  OS Version: 5.1.2600 ServicePack: 3.0</div>

<div>00:45:56.0859 4100  Product type: Workstation</div>

<div>00:45:56.0859 4100  ComputerName: COMPANY-D80ED77</div>

<div>00:45:56.0859 4100  UserName: BOSS</div>

<div>00:45:56.0859 4100  Windows directory: C:\WINDOWS</div>

<div>00:45:56.0859 4100  System windows directory: C:\WINDOWS</div>

<div>00:45:56.0859 4100  Processor architecture: Intel x86</div>

<div>00:45:56.0859 4100  Number of processors: 2</div>

<div>00:45:56.0859 4100  Page size: 0x1000</div>

<div>00:45:56.0859 4100  Boot type: Normal boot</div>

<div>00:45:56.0859 4100  ============================================================</div>

<div>00:46:04.0375 4100  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054</div>

<div>00:46:04.0796 4100  ============================================================</div>

<div>00:46:04.0796 4100  \Device\Harddisk0\DR0:</div>

<div>00:46:04.0828 4100  MBR partitions:</div>

<div>00:46:04.0828 4100  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1</div>

<div>00:46:04.0828 4100  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x124FAAB4</div>

<div>00:46:04.0843 4100  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x15F90E22, BlocksNum 0xF49C89F</div>

<div>00:46:04.0843 4100  ============================================================</div>

<div>00:46:05.0375 4100  C: <-> \Device\Harddisk0\DR0\Partition1</div>

<div>00:46:05.0375 4100  D: <-> \Device\Harddisk0\DR0\Partition2</div>

<div>00:46:05.0421 4100  E: <-> \Device\Harddisk0\DR0\Partition3</div>

<div>00:46:05.0421 4100  ============================================================</div>

<div>00:46:05.0421 4100  Initialize success</div>

<div>00:46:05.0421 4100  ============================================================</div>

<div>00:46:12.0609 3108  ============================================================</div>

<div>00:46:12.0609 3108  Scan started</div>

<div>00:46:12.0609 3108  Mode: Manual; </div>

<div>00:46:12.0609 3108  ============================================================</div>

<div>00:46:23.0234 3108  ================ Scan system memory ========================</div>

<div>00:46:23.0234 3108  System memory - ok</div>

<div>00:46:23.0234 3108  ================ Scan services =============================</div>

<div>00:46:23.0343 3108  Abiosdsk - ok</div>

<div>00:46:23.0343 3108  abp480n5 - ok</div>

<div>00:46:23.0406 3108  [ 15634A4D4371423AD438B93EE0519CB8 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys</div>

<div>00:46:23.0406 3108  ACPI - ok</div>

<div>00:46:23.0421 3108  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys</div>

<div>00:46:23.0437 3108  ACPIEC - ok</div>

<div>00:46:23.0437 3108  ACS - ok</div>

<div>00:46:23.0500 3108  [ A914F0BB768EECA5759E9B63F02264F9 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</div>

<div>00:46:23.0500 3108  AdobeFlashPlayerUpdateSvc - ok</div>

<div>00:46:23.0515 3108  adpu160m - ok</div>

<div>00:46:23.0562 3108  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys</div>

<div>00:46:23.0562 3108  aec - ok</div>

<div>00:46:23.0578 3108  [ E5D9213212ED08DC5F985049F7C68C09 ] AFD             C:\WINDOWS\System32\drivers\afd.sys</div>

<div>00:46:23.0593 3108  AFD - ok</div>

<div>00:46:23.0609 3108  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe</div>

<div>00:46:23.0625 3108  AgereModemAudio - ok</div>

<div>00:46:23.0656 3108  [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys</div>

<div>00:46:23.0687 3108  AgereSoftModem - ok</div>

<div>00:46:23.0703 3108  Aha154x - ok</div>

<div>00:46:23.0703 3108  aic78u2 - ok</div>

<div>00:46:23.0718 3108  aic78xx - ok</div>

<div>00:46:23.0796 3108  [ EBE1CBD58B24F9385649F1D0304E9E3B ] Alerter         C:\WINDOWS\system32\alrsvc.dll</div>

<div>00:46:23.0796 3108  Alerter - ok</div>

<div>00:46:23.0812 3108  [ 62C1E5937E60C8E8926E34389FFCF281 ] ALG             C:\WINDOWS\System32\alg.exe</div>

<div>00:46:23.0812 3108  ALG - ok</div>

<div>00:46:23.0828 3108  AliIde - ok</div>

<div>00:46:23.0890 3108  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys</div>

<div>00:46:23.0937 3108  Ambfilt - ok</div>

<div>00:46:23.0953 3108  amsint - ok</div>

<div>00:46:23.0984 3108  ApfiltrService - ok</div>

<div>00:46:24.0046 3108  [ 25AB105529BC14EB63013A0179823724 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll</div>

<div>00:46:24.0062 3108  AppMgmt - ok</div>

<div>00:46:24.0109 3108  [ 74AD200C4E5454A884D7C711B6A906CF ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys</div>

<div>00:46:24.0187 3108  AR5416 - ok</div>

<div>00:46:24.0187 3108  asc - ok</div>

<div>00:46:24.0203 3108  asc3350p - ok</div>

<div>00:46:24.0218 3108  asc3550 - ok</div>

<div>00:46:24.0265 3108  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys</div>

<div>00:46:24.0281 3108  aswFsBlk - ok</div>

<div>00:46:24.0296 3108  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys</div>

<div>00:46:24.0296 3108  aswMonFlt - ok</div>

<div>00:46:24.0312 3108  [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys</div>

<div>00:46:24.0312 3108  AswRdr - ok</div>

<div>00:46:24.0328 3108  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys</div>

<div>00:46:24.0343 3108  aswRvrt - ok</div>

<div>00:46:24.0375 3108  [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys</div>

<div>00:46:24.0390 3108  aswSnx - ok</div>

<div>00:46:24.0421 3108  [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys</div>

<div>00:46:24.0421 3108  aswSP - ok</div>

<div>00:46:24.0453 3108  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys</div>

<div>00:46:24.0453 3108  aswTdi - ok</div>

<div>00:46:24.0468 3108  [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys</div>

<div>00:46:24.0484 3108  aswVmm - ok</div>

<div>00:46:24.0515 3108  [ 0D4681F78A20B50D691A4F3C9F75EB41 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys</div>

<div>00:46:24.0515 3108  AsyncMac - ok</div>

<div>00:46:24.0531 3108  [ 335BB30ED68CF3DC0EE2BDDB438B6A9B ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys</div>

<div>00:46:24.0531 3108  atapi - ok</div>

<div>00:46:24.0546 3108  Atdisk - ok</div>

<div>00:46:24.0562 3108  [ ECF89E5BD58E3A3CC2E7DB0F0D9F6C6C ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys</div>

<div>00:46:24.0562 3108  Atmarpc - ok</div>

<div>00:46:24.0609 3108  [ 1BB95E55B5A8B0D02156D77D95AD4ED8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll</div>

<div>00:46:24.0609 3108  AudioSrv - ok</div>

<div>00:46:24.0625 3108  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys</div>

<div>00:46:24.0625 3108  audstub - ok</div>

<div>00:46:24.0687 3108  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe</div>

<div>00:46:24.0687 3108  avast! Antivirus - ok</div>

<div>00:46:24.0734 3108  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys</div>

<div>00:46:24.0734 3108  Beep - ok</div>

<div>00:46:24.0765 3108  [ 60EEA64022CE15CB3A81CE666D74913F ] BITS            C:\WINDOWS\system32\qmgr.dll</div>

<div>00:46:24.0781 3108  BITS - ok</div>

<div>00:46:24.0828 3108  [ 8CD6C9AE12D3EA8930AC1C9D7A5D985E ] Browser         C:\WINDOWS\System32\browser.dll</div>

<div>00:46:24.0828 3108  Browser - ok</div>

<div>00:46:24.0828 3108  btaudio - ok</div>

<div>00:46:24.0843 3108  BTDriver - ok</div>

<div>00:46:24.0859 3108  BTWDNDIS - ok</div>

<div>00:46:24.0859 3108  btwhid - ok</div>

<div>00:46:24.0875 3108  BTWUSB - ok</div>

<div>00:46:24.0937 3108  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys</div>

<div>00:46:24.0937 3108  cbidf2k - ok</div>

<div>00:46:24.0968 3108  [ 6BD9CEFA0AAC17EE93F277E5B9BEF716 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys</div>

<div>00:46:24.0968 3108  CCDECODE - ok</div>

<div>00:46:24.0968 3108  cd20xrnt - ok</div>

<div>00:46:25.0000 3108  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys</div>

<div>00:46:25.0000 3108  Cdaudio - ok</div>

<div>00:46:25.0031 3108  [ B7B2EFD695BB6E937EB3E5B5465B6F47 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys</div>

<div>00:46:25.0031 3108  Cdfs - ok</div>

<div>00:46:25.0046 3108  [ 1F29616B1FC4D66A988CF97531BCF729 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys</div>

<div>00:46:25.0046 3108  Cdrom - ok</div>

<div>00:46:25.0046 3108  Changer - ok</div>

<div>00:46:25.0125 3108  [ CA9FC4595227ECAA22CF29911A218A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe</div>

<div>00:46:25.0140 3108  CiSvc - ok</div>

<div>00:46:25.0156 3108  [ B3D97F1D9725A949B9EB190D8A699D24 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe</div>

<div>00:46:25.0156 3108  ClipSrv - ok</div>

<div>00:46:25.0187 3108  [ 36EF0B68CFBBD997045EC5C8CBD78710 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys</div>

<div>00:46:25.0187 3108  CmBatt - ok</div>

<div>00:46:25.0187 3108  CmdIde - ok</div>

<div>00:46:25.0203 3108  [ 04DAD72F2CA2DCDBC4AF1EDE202331CE ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys</div>

<div>00:46:25.0203 3108  Compbatt - ok</div>

<div>00:46:25.0218 3108  COMSysApp - ok</div>

<div>00:46:25.0250 3108  Cpqarray - ok</div>

<div>00:46:25.0328 3108  [ B81BA41FE68A70C0FC429BBEFC547739 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll</div>

<div>00:46:25.0328 3108  CryptSvc - ok</div>

<div>00:46:25.0328 3108  dac2w2k - ok</div>

<div>00:46:25.0343 3108  dac960nt - ok</div>

<div>00:46:25.0421 3108  [ 70ABA737C26F576BD04F108E22FE8A8A ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll</div>

<div>00:46:25.0437 3108  DcomLaunch - ok</div>

<div>00:46:25.0468 3108  [ 1CCE370E4208B753586C0A1D88DAC6B6 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll</div>

<div>00:46:25.0484 3108  Dhcp - ok</div>

<div>00:46:25.0484 3108  [ 023712144C69E60FCB662CDA2715BF16 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys</div>

<div>00:46:25.0484 3108  Disk - ok</div>

<div>00:46:25.0500 3108  dmadmin - ok</div>

<div>00:46:25.0546 3108  [ 1E5C89A65465F6D9674898EB4989CB86 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys</div>

<div>00:46:25.0562 3108  dmboot - ok</div>

<div>00:46:25.0578 3108  [ 6CF151F832EC417FFAF68F20ED7D39FB ] dmio            C:\WINDOWS\system32\drivers\dmio.sys</div>

<div>00:46:25.0578 3108  dmio - ok</div>

<div>00:46:25.0640 3108  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys</div>

<div>00:46:25.0640 3108  dmload - ok</div>

<div>00:46:25.0656 3108  [ 8446808AA975A12F1D76B1C03A0B0F13 ] dmserver        C:\WINDOWS\System32\dmserver.dll</div>

<div>00:46:25.0656 3108  dmserver - ok</div>

<div>00:46:25.0703 3108  [ C561840C22148F5AFFB659D547EFDBB0 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys</div>

<div>00:46:25.0703 3108  DMusic - ok</div>

<div>00:46:25.0734 3108  [ F0AB10362C34E0FDC03FB8E029D07984 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll</div>

<div>00:46:25.0734 3108  Dnscache - ok</div>

<div>00:46:25.0796 3108  [ 2AFB6DA63E0DB5B0952E57DDD7832A0C ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll</div>

<div>00:46:25.0796 3108  Dot3svc - ok</div>

<div>00:46:25.0812 3108  dpti2o - ok</div>

<div>00:46:25.0843 3108  [ C13EE685AA1A8950146F7F968EB090BD ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys</div>

<div>00:46:25.0843 3108  drmkaud - ok</div>

<div>00:46:25.0890 3108  [ C0C7CECCB6C85994C2BC92D58E52D3F2 ] dtsoftbus01     C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys</div>

<div>00:46:25.0890 3108  dtsoftbus01 - ok</div>

<div>00:46:25.0906 3108  [ EA946F418A8B152E068991A5ED68CF32 ] EapHost         C:\WINDOWS\System32\eapsvc.dll</div>

<div>00:46:25.0921 3108  EapHost - ok</div>

<div>00:46:25.0953 3108  [ D3C4835319F9E6E589F335BCFD261AF4 ] ERSvc           C:\WINDOWS\System32\ersvc.dll</div>

<div>00:46:25.0953 3108  ERSvc - ok</div>

<div>00:46:25.0984 3108  [ 76727219614A50B2DB29BD0CDA4260D5 ] Eventlog        C:\WINDOWS\system32\services.exe</div>

<div>00:46:26.0000 3108  Eventlog - ok</div>

<div>00:46:26.0015 3108  [ 56F40DEC4F1A4595BE3B092E38B07C07 ] EventSystem     C:\WINDOWS\system32\es.dll</div>

<div>00:46:26.0031 3108  EventSystem - ok</div>

<div>00:46:26.0062 3108  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys</div>

<div>00:46:26.0062 3108  ew_hwusbdev - ok</div>

<div>00:46:26.0093 3108  [ F696CF49C72F50EA0C1038C2DAA98A00 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys</div>

<div>00:46:26.0109 3108  Fastfat - ok</div>

<div>00:46:26.0109 3108  [ BB897A6E8434984742173BD13CD67CE5 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll</div>

<div>00:46:26.0125 3108  FastUserSwitchingCompatibility - ok</div>

<div>00:46:26.0140 3108  [ 650FA0D37498F9E2B201A09DBCA0B85B ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys</div>

<div>00:46:26.0156 3108  Fdc - ok</div>

<div>00:46:26.0156 3108  [ 74947FD2D6A9151C0BB9C72BDAF0E894 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys</div>

<div>00:46:26.0156 3108  Fips - ok</div>

<div>00:46:26.0171 3108  flash - ok</div>

<div>00:46:26.0281 3108  [ D778107D7C2A19D7E7A884A9F0D79581 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe</div>

<div>00:46:26.0296 3108  FLEXnet Licensing Service - ok</div>

<div>00:46:26.0328 3108  [ 3B8607A2BF5AEC3DAB18CF3612C07C1D ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys</div>

<div>00:46:26.0328 3108  Flpydisk - ok</div>

<div>00:46:26.0359 3108  [ 87EC219A7AE5553144E2086D2D7DAA8A ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys</div>

<div>00:46:26.0359 3108  FltMgr - ok</div>

<div>00:46:26.0359 3108  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys</div>

<div>00:46:26.0375 3108  Fs_Rec - ok</div>

<div>00:46:26.0390 3108  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys</div>

<div>00:46:26.0406 3108  Ftdisk - ok</div>

<div>00:46:26.0453 3108  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys</div>

<div>00:46:26.0453 3108  GEARAspiWDM - ok</div>

<div>00:46:26.0484 3108  [ 9479C26A5691CCEA495E2438EF11C948 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys</div>

<div>00:46:26.0484 3108  Gpc - ok</div>

<div>00:46:26.0515 3108  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cac3e2ce595d4e C:\Program Files\Google\Update\GoogleUpdate.exe</div>

<div>00:46:26.0515 3108  gupdate1cac3e2ce595d4e - ok</div>

<div>00:46:26.0531 3108  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe</div>

<div>00:46:26.0531 3108  gupdatem - ok</div>

<div>00:46:26.0546 3108  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys</div>

<div>00:46:26.0562 3108  HDAudBus - ok</div>

<div>00:46:26.0609 3108  [ 546BCC75CCBFEF49802C9DEF61DE981E ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll</div>

<div>00:46:26.0609 3108  helpsvc - ok</div>

<div>00:46:26.0640 3108  [ E87896EF45AC2E75053A9AFAC343AAFC ] HidServ         C:\WINDOWS\System32\hidserv.dll</div>

<div>00:46:26.0640 3108  HidServ - ok</div>

<div>00:46:26.0671 3108  [ 5F845228561E9545EDC6F9EBFA15D338 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys</div>

<div>00:46:26.0671 3108  hidusb - ok</div>

<div>00:46:26.0703 3108  [ 2E417CA3C2693F7355492B5EDFD0F0AE ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll</div>

<div>00:46:26.0703 3108  hkmsvc - ok</div>

<div>00:46:26.0718 3108  hpn - ok</div>

<div>00:46:26.0812 3108  [ A9D737D909F5309C66B4C71506C05A87 ] hspa_zi_cdc_acm C:\WINDOWS\system32\DRIVERS\hspa_zi_cdc_acm.sys</div>

<div>00:46:26.0812 3108  hspa_zi_cdc_acm - ok</div>

<div>00:46:26.0843 3108  [ DA4C212B079B2E574B79B61105BFFB27 ] hspa_zi_cdc_ecm C:\WINDOWS\system32\DRIVERS\hspa_zi_cdc_ecm.sys</div>

<div>00:46:26.0843 3108  hspa_zi_cdc_ecm - ok</div>

<div>00:46:26.0875 3108  [ E9BC7D5E6DB5407408194633D35590BD ] hspa_zi_ecm_enum C:\WINDOWS\system32\DRIVERS\hspa_zi_ecm_enum.sys</div>

<div>00:46:26.0875 3108  hspa_zi_ecm_enum - ok</div>

<div>00:46:26.0906 3108  [ E9BC7D5E6DB5407408194633D35590BD ] hspa_zi_ecm_enum_filter C:\WINDOWS\system32\DRIVERS\hspa_zi_ecm_enum_filter.sys</div>

<div>00:46:26.0906 3108  hspa_zi_ecm_enum_filter - ok</div>

<div>00:46:26.0937 3108  [ 6361F419C1DFD5141702A90D93DBF569 ] HssDrv          C:\WINDOWS\system32\DRIVERS\HssDrv.sys</div>

<div>00:46:26.0937 3108  HssDrv - ok</div>

<div>00:46:26.0968 3108  [ 681AFD0F5D6A12BE948181B11A7F80A6 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys</div>

<div>00:46:26.0968 3108  HTTP - ok</div>

<div>00:46:27.0015 3108  [ 1E01E83A8B0FACE497DCA0D99624501B ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll</div>

<div>00:46:27.0015 3108  HTTPFilter - ok</div>

<div>00:46:27.0046 3108  [ 018B56F099B35E2335B962A68BDF7260 ] huawei_cdcacm   C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys</div>

<div>00:46:27.0046 3108  huawei_cdcacm - ok</div>

<div>00:46:27.0078 3108  [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys</div>

<div>00:46:27.0078 3108  huawei_enumerator - ok</div>

<div>00:46:27.0093 3108  hwdatacard - ok</div>

<div>00:46:27.0109 3108  hwusbfake - ok</div>

<div>00:46:27.0109 3108  i2omgmt - ok</div>

<div>00:46:27.0125 3108  i2omp - ok</div>

<div>00:46:27.0218 3108  [ 30ABE7000DF369D8B1C4174429260AAD ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys</div>

<div>00:46:27.0218 3108  i8042prt - ok</div>

<div>00:46:27.0375 3108  [ 66A685B05066683621920BC14A45CFE8 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys</div>

<div>00:46:27.0578 3108  ialm - ok</div>

<div>00:46:27.0578 3108  [ E32BF30D20B5C162775F9A3451E87B67 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys</div>

<div>00:46:27.0593 3108  Imapi - ok</div>

<div>00:46:27.0703 3108  [ B6028C0C3102A132A7421102B6C2015E ] ImapiService    C:\WINDOWS\system32\imapi.exe</div>

<div>00:46:27.0718 3108  ImapiService - ok</div>

<div>00:46:27.0734 3108  ini910u - ok</div>

<div>00:46:27.0906 3108  [ 816A4F17DFFDEEB01896FE05991838E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys</div>

<div>00:46:28.0062 3108  IntcAzAudAddService - ok</div>

<div>00:46:28.0062 3108  IntelIde - ok</div>

<div>00:46:28.0093 3108  [ B3731CA1BDB32F83C817263646C31C15 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys</div>

<div>00:46:28.0093 3108  intelppm - ok</div>

<div>00:46:28.0140 3108  [ EF9BB587E33C2C245B5B83E882501FF6 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys</div>

<div>00:46:28.0140 3108  Ip6Fw - ok</div>

<div>00:46:28.0187 3108  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys</div>

<div>00:46:28.0187 3108  IpFilterDriver - ok</div>

<div>00:46:28.0203 3108  [ 30ABA7A3F81E4B76C963CD6CAA23CB49 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys</div>

<div>00:46:28.0203 3108  IpInIp - ok</div>

<div>00:46:28.0218 3108  [ EEB5787BD1445C8DC592F40691781774 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys</div>

<div>00:46:28.0218 3108  IpNat - ok</div>

<div>00:46:28.0250 3108  [ BFEA19DAFF955239A16A80C3CDF64FBE ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys</div>

<div>00:46:28.0250 3108  IPSec - ok</div>

<div>00:46:28.0265 3108  [ 64E28D94089CFF1C3C77F02F99FFAC3F ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys</div>

<div>00:46:28.0265 3108  IRENUM - ok</div>

<div>00:46:28.0296 3108  [ 81A40A1118265DFC09C036F7776EBCC0 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys</div>

<div>00:46:28.0296 3108  isapnp - ok</div>

<div>00:46:28.0343 3108  [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys</div>

<div>00:46:28.0343 3108  ISWKL - ok</div>

<div>00:46:28.0375 3108  [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe</div>

<div>00:46:28.0390 3108  IswSvc - ok</div>

<div>00:46:28.0500 3108  [ 1758AF653723679E3746FC7DDD93C69B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe</div>

<div>00:46:28.0515 3108  JavaQuickStarterService - ok</div>

<div>00:46:28.0562 3108  [ 8949E67E557527046E2E232D6E128717 ] k57w2k          C:\WINDOWS\system32\DRIVERS\k57xp32.sys</div>

<div>00:46:28.0562 3108  k57w2k - ok</div>

<div>00:46:28.0593 3108  [ 4FF969B48F320F6CE0B07247069C4C22 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys</div>

<div>00:46:28.0593 3108  Kbdclass - ok</div>

<div>00:46:28.0609 3108  [ 55E8D7039254728E9F071118184FF53B ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys</div>

<div>00:46:28.0625 3108  kmixer - ok</div>

<div>00:46:28.0640 3108  [ 23EA4C1A4CA28FD766ED2D3A5BEAEE3F ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys</div>

<div>00:46:28.0656 3108  KSecDD - ok</div>

<div>00:46:28.0671 3108  [ D0546E97612635358B6428008A9C5A6E ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll</div>

<div>00:46:28.0671 3108  lanmanserver - ok</div>

<div>00:46:28.0687 3108  [ 7FC4C7D670CA8B61F500F4A09E5A2EB1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll</div>

<div>00:46:28.0703 3108  lanmanworkstation - ok</div>

<div>00:46:28.0703 3108  lbrtfdc - ok</div>

<div>00:46:28.0828 3108  [ 8173854F8474C3DDAE5562113E99D14E ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll</div>

<div>00:46:28.0828 3108  LmHosts - ok</div>

<div>00:46:28.0890 3108  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe</div>

<div>00:46:28.0890 3108  MDM - ok</div>

<div>00:46:28.0921 3108  [ CDA1A5CAC8C9D090079B93B8A1EC3F2C ] Messenger       C:\WINDOWS\System32\msgsvc.dll</div>

<div>00:46:28.0921 3108  Messenger - ok</div>

<div>00:46:28.0953 3108  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys</div>

<div>00:46:28.0953 3108  mnmdd - ok</div>

<div>00:46:28.0984 3108  [ 9DA90C3AEA0D4467C2193A5FA7F2B111 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe</div>

<div>00:46:28.0984 3108  mnmsrvc - ok</div>

<div>00:46:29.0000 3108  [ ADD0BB36498E4DA9B1B6A3E201B60A18 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys</div>

<div>00:46:29.0000 3108  Modem - ok</div>

<div>00:46:29.0093 3108  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys</div>

<div>00:46:29.0125 3108  Monfilt - ok</div>

<div>00:46:29.0140 3108  [ E70558B84CB0CB9C739CC48EAD2A4323 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys</div>

<div>00:46:29.0140 3108  Mouclass - ok</div>

<div>00:46:29.0156 3108  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys</div>

<div>00:46:29.0156 3108  mouhid - ok</div>

<div>00:46:29.0171 3108  [ 07BE8CAFD246A7DFB7FD4A387E936E92 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys</div>

<div>00:46:29.0171 3108  MountMgr - ok</div>

<div>00:46:29.0187 3108  mraid35x - ok</div>

<div>00:46:29.0187 3108  [ AC816EFF53BCA79369F0B8643165368C ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys</div>

<div>00:46:29.0203 3108  MRxDAV - ok</div>

<div>00:46:29.0218 3108  [ 73484C0377FEFA76A4DDD48112EC93A3 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys</div>

<div>00:46:29.0234 3108  MRxSmb - ok</div>

<div>00:46:29.0328 3108  [ 508CCBA132DE09156DAABD5DF141923E ] MSDTC           C:\WINDOWS\system32\msdtc.exe</div>

<div>00:46:29.0328 3108  MSDTC - ok</div>

<div>00:46:29.0328 3108  [ 4D563545581E72C477AB00741B119853 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys</div>

<div>00:46:29.0343 3108  Msfs - ok</div>

<div>00:46:29.0343 3108  MSIServer - ok</div>

<div>00:46:29.0468 3108  [ B16206732E541C04C1860D84447EF5BF ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys</div>

<div>00:46:29.0468 3108  MSKSSRV - ok</div>

<div>00:46:29.0484 3108  [ BD33CFA58C156CBD5419A87C3A4CD0B2 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys</div>

<div>00:46:29.0484 3108  MSPCLOCK - ok</div>

<div>00:46:29.0515 3108  [ A7EC2F88FAE0F03252A60950660CC3E1 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys</div>

<div>00:46:29.0515 3108  MSPQM - ok</div>

<div>00:46:29.0546 3108  [ F41814FD8811B2BA2A43A79AA8CCE82A ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys</div>

<div>00:46:29.0546 3108  mssmbios - ok</div>

<div>00:46:29.0562 3108  [ 330D6D5DD6A02B8DE42E3E80646B0BF5 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys</div>

<div>00:46:29.0562 3108  MSTEE - ok</div>

<div>00:46:29.0578 3108  [ 2BB00D68CC9FBDA1EE3D9BAB9E4FD620 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys</div>

<div>00:46:29.0578 3108  Mup - ok</div>

<div>00:46:29.0593 3108  [ DA2FC70D610C065325612735E7356756 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys</div>

<div>00:46:29.0609 3108  NABTSFEC - ok</div>

<div>00:46:29.0656 3108  [ 1CEC9008BC720274F6BCDD800D934642 ] napagent        C:\WINDOWS\System32\qagentrt.dll</div>

<div>00:46:29.0656 3108  napagent - ok</div>

<div>00:46:29.0687 3108  [ D1B364F049EB84A883C8A45D3B92FF3B ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys</div>

<div>00:46:29.0687 3108  NDIS - ok</div>

<div>00:46:29.0703 3108  [ D4C3610766DA2367E0D219969A1BCAEE ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys</div>

<div>00:46:29.0703 3108  NdisIP - ok</div>

<div>00:46:29.0718 3108  [ 7D0D0F2BF199C2DF0A9D1B01406168AC ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys</div>

<div>00:46:29.0718 3108  NdisTapi - ok</div>

<div>00:46:29.0734 3108  [ E8969046DC350ECD1E9209DFE341C170 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys</div>

<div>00:46:29.0734 3108  Ndisuio - ok</div>

<div>00:46:29.0765 3108  [ 266FDED9836490FF227AD13E677BA4FB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys</div>

<div>00:46:29.0765 3108  NdisWan - ok</div>

<div>00:46:29.0796 3108  [ 5AA58D218431C79E36A4878F18414637 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys</div>

<div>00:46:29.0796 3108  NDProxy - ok</div>

<div>00:46:29.0812 3108  [ C70B403D8158E11BF0D43D5B153CBE6B ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys</div>

<div>00:46:29.0812 3108  NetBIOS - ok</div>

<div>00:46:29.0828 3108  [ C181E1F7A2A251B7AF6352DCBD8457F3 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys</div>

<div>00:46:29.0828 3108  NetBT - ok</div>

<div>00:46:29.0859 3108  [ B7FBB08BB1328BB977DDCC533C9F2938 ] NetDDE          C:\WINDOWS\system32\netdde.exe</div>

<div>00:46:29.0859 3108  NetDDE - ok</div>

<div>00:46:29.0875 3108  [ B7FBB08BB1328BB977DDCC533C9F2938 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe</div>

<div>00:46:29.0875 3108  NetDDEdsdm - ok</div>

<div>00:46:29.0890 3108  [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] Netlogon        C:\WINDOWS\system32\lsass.exe</div>

<div>00:46:29.0890 3108  Netlogon - ok</div>

<div>00:46:29.0906 3108  [ 926F0847887C38D0C6F8C1AEF4E45E98 ] Netman          C:\WINDOWS\System32\netman.dll</div>

<div>00:46:29.0921 3108  Netman - ok</div>

<div>00:46:29.0937 3108  [ B826B6672072189E002A27C72C1BDCAC ] Nla             C:\WINDOWS\System32\mswsock.dll</div>

<div>00:46:29.0937 3108  Nla - ok</div>

<div>00:46:29.0968 3108  [ B5EFDDCD8A686C4999AFD1D7EC29FA12 ] nlsX86cc        C:\WINDOWS\system32\nlssrv32.exe</div>

<div>00:46:29.0984 3108  nlsX86cc - ok</div>

<div>00:46:30.0015 3108  [ 20C123AFC574ABF76BA35D39C26AE6DF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys</div>

<div>00:46:30.0015 3108  Npfs - ok</div>

<div>00:46:30.0031 3108  [ 34A993D7E519364F5D548B5726917753 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys</div>

<div>00:46:30.0046 3108  Ntfs - ok</div>

<div>00:46:30.0062 3108  [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] NtLmSsp         C:\WINDOWS\system32\lsass.exe</div>

<div>00:46:30.0062 3108  NtLmSsp - ok</div>

<div>00:46:30.0093 3108  [ 4E1F925E4CBFFC853A96C2D88D0A88E3 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll</div>

<div>00:46:30.0109 3108  NtmsSvc - ok</div>

<div>00:46:30.0125 3108  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys</div>

<div>00:46:30.0125 3108  Null - ok</div>

<div>00:46:30.0156 3108  [ DAD1910A3A43C9D5865E7628E81D5EB5 ] NWCWorkstation  C:\WINDOWS\System32\nwwks.dll</div>

<div>00:46:30.0156 3108  NWCWorkstation - ok</div>

<div>00:46:30.0203 3108  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys</div>

<div>00:46:30.0203 3108  NwlnkFlt - ok</div>

<div>00:46:30.0203 3108  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys</div>

<div>00:46:30.0218 3108  NwlnkFwd - ok</div>

<div>00:46:30.0250 3108  [ 6FD296F9A891C2CA812C0F90015EF55B ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys</div>

<div>00:46:30.0265 3108  NwlnkIpx - ok</div>

<div>00:46:30.0265 3108  [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys</div>

<div>00:46:30.0281 3108  NwlnkNb - ok</div>

<div>00:46:30.0296 3108  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys</div>

<div>00:46:30.0296 3108  NwlnkSpx - ok</div>

<div>00:46:30.0328 3108  [ 6662B694F1B38273127B3640BC40A460 ] NWRDR           C:\WINDOWS\system32\DRIVERS\nwrdr.sys</div>

<div>00:46:30.0328 3108  NWRDR - ok</div>

<div>00:46:30.0343 3108  [ 10572A94D8978619CE4845FE8595C9A5 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys</div>

<div>00:46:30.0359 3108  Parport - ok</div>

<div>00:46:30.0375 3108  [ 67075DA61516ADEDD710A9DA6C6C8ACB ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys</div>

<div>00:46:30.0375 3108  PartMgr - ok</div>

<div>00:46:30.0406 3108  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys</div>

<div>00:46:30.0406 3108  ParVdm - ok</div>

<div>00:46:30.0437 3108  [ F3CEBED46DC3A7F1758745C1D1FA5FCF ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys</div>

<div>00:46:30.0453 3108  PCI - ok</div>

<div>00:46:30.0468 3108  PCIDump - ok</div>

<div>00:46:30.0500 3108  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys</div>

<div>00:46:30.0500 3108  PCIIde - ok</div>

<div>00:46:30.0515 3108  [ 1EC157CB90D06455D67C007ADA4973AC ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys</div>

<div>00:46:30.0515 3108  Pcmcia - ok</div>

<div>00:46:30.0531 3108  PDCOMP - ok</div>

<div>00:46:30.0546 3108  PDFRAME - ok</div>

<div>00:46:30.0546 3108  PDRELI - ok</div>

<div>00:46:30.0562 3108  PDRFRAME - ok</div>

<div>00:46:30.0578 3108  perc2 - ok</div>

<div>00:46:30.0593 3108  perc2hib - ok</div>

<div>00:46:30.0656 3108  [ 76727219614A50B2DB29BD0CDA4260D5 ] PlugPlay        C:\WINDOWS\system32\services.exe</div>

<div>00:46:30.0656 3108  PlugPlay - ok</div>

<div>00:46:30.0687 3108  [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] PolicyAgent     C:\WINDOWS\system32\lsass.exe</div>

<div>00:46:30.0687 3108  PolicyAgent - ok</div>

<div>00:46:30.0718 3108  [ 87D6A848DC367056778168D40A6F1A70 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys</div>

<div>00:46:30.0718 3108  PptpMiniport - ok</div>

<div>00:46:30.0734 3108  [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] ProtectedStorage C:\WINDOWS\system32\lsass.exe</div>

<div>00:46:30.0734 3108  ProtectedStorage - ok</div>

<div>00:46:30.0750 3108  [ 8DC29E493CCE832784A60BF7C120F132 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys</div>

<div>00:46:30.0750 3108  PSched - ok</div>

<div>00:46:30.0781 3108  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys</div>

<div>00:46:30.0781 3108  Ptilink - ok</div>

<div>00:46:30.0812 3108  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys</div>

<div>00:46:30.0812 3108  PxHelp20 - ok</div>

<div>00:46:30.0828 3108  ql1080 - ok</div>

<div>00:46:30.0843 3108  Ql10wnt - ok</div>

<div>00:46:30.0843 3108  ql12160 - ok</div>

<div>00:46:30.0859 3108  ql1240 - ok</div>

<div>00:46:30.0875 3108  ql1280 - ok</div>

<div>00:46:30.0890 3108  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys</div>

<div>00:46:30.0890 3108  RasAcd - ok</div>

<div>00:46:30.0937 3108  [ F251AA303981CDB9C0DB1D3B4E10AADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll</div>

<div>00:46:30.0953 3108  RasAuto - ok</div>

<div>00:46:31.0062 3108  [ DBC6AEDA3111EDAF60948FC063565006 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys</div>

<div>00:46:31.0078 3108  Rasl2tp - ok</div>

<div>00:46:31.0109 3108  [ 5790FB0CA1E1478172AA00FA365B9AB3 ] RasMan          C:\WINDOWS\System32\rasmans.dll</div>

<div>00:46:31.0140 3108  RasMan - ok</div>

<div>00:46:31.0156 3108  [ 96467FC3E135F0B174B8978BD8CE69F9 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys</div>

<div>00:46:31.0156 3108  RasPppoe - ok</div>

<div>00:46:31.0156 3108  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys</div>

<div>00:46:31.0171 3108  Raspti - ok</div>

<div>00:46:31.0218 3108  [ 1116A775BFA71F2C13F3D420DA455FF2 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys</div>

<div>00:46:31.0218 3108  Rdbss - ok</div>

<div>00:46:31.0218 3108  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys</div>

<div>00:46:31.0234 3108  RDPCDD - ok</div>

<div>00:46:31.0250 3108  [ 9B7B9221177C83C7CBFD20B4B67F23DC ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys</div>

<div>00:46:31.0250 3108  rdpdr - ok</div>

<div>00:46:31.0265 3108  [ 0CD1BDA7F6848E4DE4EED3D36874FFB5 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys</div>

<div>00:46:31.0281 3108  RDPWD - ok</div>

<div>00:46:31.0296 3108  [ A06AC4784C970B14631997181E6DADC2 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe</div>

<div>00:46:31.0296 3108  RDSessMgr - ok</div>

<div>00:46:31.0328 3108  [ 11540F52CBC8A4C97467579BBF7FFAE2 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys</div>

<div>00:46:31.0328 3108  redbook - ok</div>

<div>00:46:31.0375 3108  [ 07CEB5F794F9D58DE068E4B50280E993 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll</div>

<div>00:46:31.0375 3108  RemoteAccess - ok</div>

<div>00:46:31.0406 3108  [ 13DA5B9187E209B26D8758B398DFC89A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll</div>

<div>00:46:31.0406 3108  RemoteRegistry - ok</div>

<div>00:46:31.0453 3108  [ AB1E7F4BF9E0AA25281C8B3EF049257D ] RpcLocator      C:\WINDOWS\system32\locator.exe</div>

<div>00:46:31.0453 3108  RpcLocator - ok</div>

<div>00:46:31.0484 3108  [ 70ABA737C26F576BD04F108E22FE8A8A ] RpcSs           C:\WINDOWS\system32\rpcss.dll</div>

<div>00:46:31.0484 3108  RpcSs - ok</div>

<div>00:46:31.0515 3108  [ A7557CAA7253DE02B40996EF9A478FAB ] RSUSBSTOR       C:\WINDOWS\system32\Drivers\RTS5121.sys</div>

<div>00:46:31.0531 3108  RSUSBSTOR - ok</div>

<div>00:46:31.0562 3108  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe</div>

<div>00:46:31.0562 3108  RSVP - ok</div>

<div>00:46:31.0578 3108  Rts516xIR - ok</div>

<div>00:46:31.0953 3108  [ 4DD0637AE896EB8E00DF331D1CCCFC5C ] SamSs           C:\WINDOWS\system32\lsass.exe</div>

<div>00:46:31.0953 3108  SamSs - ok</div>

<div>00:46:32.0234 3108  [ B63D9939AB3247FB668C1115AC5B3A25 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe</div>

<div>00:46:32.0250 3108  SCardSvr - ok</div>

<div>00:46:32.0375 3108  [ D79E3CD9BCD39BB2D611F0401418D714 ] Schedule        C:\WINDOWS\system32\schedsvc.dll</div>

<div>00:46:32.0781 3108  Schedule - ok</div>

<div>00:46:32.0843 3108  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys</div>

<div>00:46:32.0843 3108  Secdrv - ok</div>

<div>00:46:32.0890 3108  [ 47B0B17D193B9317F2F47AD8EB884098 ] seclogon        C:\WINDOWS\System32\seclogon.dll</div>

<div>00:46:32.0906 3108  seclogon - ok</div>

<div>00:46:32.0921 3108  [ F67206DFD3610FECB83AA65E77431192 ] SENS            C:\WINDOWS\system32\sens.dll</div>

<div>00:46:32.0937 3108  SENS - ok</div>

<div>00:46:32.0953 3108  [ 471168D4B9ADFD1F9E692F8779455188 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys</div>

<div>00:46:32.0953 3108  Serial - ok</div>

<div>00:46:32.0984 3108  [ DC495A349DFD94FBFE4CF0689ED647B2 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys</div>

<div>00:46:32.0984 3108  Sfloppy - ok</div>

<div>00:46:33.0031 3108  [ DA9222DF50B74641658BE5B23B649016 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll</div>

<div>00:46:33.0046 3108  SharedAccess - ok</div>

<div>00:46:33.0062 3108  [ BB897A6E8434984742173BD13CD67CE5 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll</div>

<div>00:46:33.0078 3108  ShellHWDetection - ok</div>

<div>00:46:33.0093 3108  Simbad - ok</div>

<div>00:46:33.0140 3108  [ E0211E7E0D9CF5672174014BC6524E79 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe</div>

<div>00:46:33.0140 3108  SkypeUpdate - ok</div>

<div>00:46:33.0171 3108  [ 70B574953C6062F28C3DCF2394C7DDDE ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys</div>

<div>00:46:33.0171 3108  SLIP - ok</div>

<div>00:46:33.0250 3108  [ 9425C8E33FF31194F61D751C24A1AB5B ] SNP2UVC         C:\WINDOWS\system32\DRIVERS\snp2uvc.sys</div>

<div>00:46:33.0296 3108  SNP2UVC - ok</div>

<div>00:46:33.0312 3108  Sparrow - ok</div>

<div>00:46:33.0343 3108  [ E477A633EA2D387788879A30666E5998 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys</div>

<div>00:46:33.0343 3108  splitter - ok</div>

<div>00:46:33.0390 3108  [ 0DD64932B9A6394B53222B7FD294D12A ] Spooler         C:\WINDOWS\system32\spoolsv.exe</div>

<div>00:46:33.0406 3108  Spooler - ok</div>

<div>00:46:33.0437 3108  [ 8EC0EC1508D5C0DC9F0A46B264B41BFF ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys</div>

<div>00:46:33.0453 3108  sr - ok</div>

<div>00:46:33.0562 3108  [ 70BF530F3B28242FD6B2E558219316EB ] srservice       C:\WINDOWS\system32\srsvc.dll</div>

<div>00:46:33.0578 3108  srservice - ok</div>

<div>00:46:33.0593 3108  [ 388A576B405FD4C8A4886AA872E8E0F1 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys</div>

<div>00:46:33.0609 3108  Srv - ok</div>

<div>00:46:33.0687 3108  [ AC1BC4FC0F1D0AA39DD487A277F90BC8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll</div>

<div>00:46:33.0703 3108  SSDPSRV - ok</div>

<div>00:46:33.0812 3108  [ 12B5747B7B6B951075EE277400828E89 ] stisvc          C:\WINDOWS\system32\wiaservc.dll</div>

<div>00:46:33.0843 3108  stisvc - ok</div>

<div>00:46:33.0890 3108  [ FC2870338F6A08A562D6BEF72E66F478 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys</div>

<div>00:46:33.0890 3108  streamip - ok</div>

<div>00:46:33.0906 3108  [ A5491F57E70167A10ED40E19D36EDD13 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys</div>

<div>00:46:33.0906 3108  swenum - ok</div>

<div>00:46:33.0953 3108  [ 5F8AB2829C52609E03560725EAF167F9 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys</div>

<div>00:46:33.0953 3108  swmidi - ok</div>

<div>00:46:33.0968 3108  SwPrv - ok</div>

<div>00:46:33.0984 3108  symc810 - ok</div>

<div>00:46:34.0015 3108  symc8xx - ok</div>

<div>00:46:34.0031 3108  sym_hi - ok</div>

<div>00:46:34.0046 3108  sym_u3 - ok</div>

<div>00:46:34.0109 3108  [ AEE6E411A915F50101895BA8DC5C15D4 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys</div>

<div>00:46:34.0109 3108  SynTP - ok</div>

<div>00:46:34.0140 3108  [ FEAEE2DF25F435C153756707321BBF46 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys</div>

<div>00:46:34.0140 3108  sysaudio - ok</div>

<div>00:46:34.0171 3108  [ 0213F33C12AD17FCD77AF5F1E854C92C ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe</div>

<div>00:46:34.0187 3108  SysmonLog - ok</div>

<div>00:46:34.0218 3108  [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys</div>

<div>00:46:34.0218 3108  taphss - ok</div>

<div>00:46:34.0265 3108  [ FF86C8AF96C3FFEEF236C9433401FEC3 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll</div>

<div>00:46:34.0281 3108  TapiSrv - ok</div>

<div>00:46:34.0328 3108  [ 19EBDA988DA80F133DC9E28A50F606E8 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys</div>

<div>00:46:34.0343 3108  Tcpip - ok</div>

<div>00:46:34.0359 3108  [ 76AFDFEA26D4CB16E81FA32A22C34376 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys</div>

<div>00:46:34.0375 3108  TDPIPE - ok</div>

<div>00:46:34.0390 3108  [ 2FC82251C9E895AA48624EBE05E5774E ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys</div>

<div>00:46:34.0390 3108  TDTCP - ok</div>

<div>00:46:34.0406 3108  [ 4E55B6F75AD92F13D6ABBF8D767CBCEC ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys</div>

<div>00:46:34.0421 3108  TermDD - ok</div>

<div>00:46:34.0453 3108  [ 03178DA1A2B7C9B918E5062B2080D732 ] TermService     C:\WINDOWS\System32\termsrv.dll</div>

<div>00:46:34.0484 3108  TermService - ok</div>

<div>00:46:34.0500 3108  [ BB897A6E8434984742173BD13CD67CE5 ] Themes          C:\WINDOWS\System32\shsvcs.dll</div>

<div>00:46:34.0515 3108  Themes - ok</div>

<div>00:46:34.0546 3108  [ 4C678B7DC9B005A1B12FEDCB3A44E35F ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe</div>

<div>00:46:34.0562 3108  TlntSvr - ok</div>

<div>00:46:34.0578 3108  TosIde - ok</div>

<div>00:46:34.0656 3108  [ 65206F5582D60DB2234A4900F280BDB0 ] TrkWks          C:\WINDOWS\system32\trkwks.dll</div>

<div>00:46:34.0656 3108  TrkWks - ok</div>

<div>00:46:34.0734 3108  [ 90374E55F93F2883377902CB9CBFC6DB ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys</div>

<div>00:46:34.0734 3108  Udfs - ok</div>

<div>00:46:34.0750 3108  ultra - ok</div>

<div>00:46:34.0890 3108  [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe</div>

<div>00:46:34.0906 3108  UMWdf - ok</div>

<div>00:46:34.0953 3108  [ 415C2A770F4B6932308F9DE7B19B3139 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys</div>

<div>00:46:34.0968 3108  Update - ok</div>

<div>00:46:34.0984 3108  [ 0EE265DBFD98DB023716C50CFE1521F0 ] upnphost        C:\WINDOWS\System32\upnphost.dll</div>

<div>00:46:35.0015 3108  upnphost - ok</div>

<div>00:46:35.0031 3108  [ 547DB36696544C3401563AA3772D6376 ] UPS             C:\WINDOWS\System32\ups.exe</div>

<div>00:46:35.0046 3108  UPS - ok</div>

<div>00:46:35.0078 3108  [ B24CFF43DEB7AC8F2AC0F2FB8A4CE16D ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys</div>

<div>00:46:35.0078 3108  usbaudio - ok</div>

<div>00:46:35.0109 3108  [ 9A0A8BE756BD7A9BAD4A3D0E9FA7BD79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys</div>

<div>00:46:35.0109 3108  usbccgp - ok</div>

<div>00:46:35.0125 3108  USBCCID - ok</div>

<div>00:46:35.0140 3108  [ D37FEE874B49D951F68E788D40D8C196 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys</div>

<div>00:46:35.0140 3108  usbehci - ok</div>

<div>00:46:35.0171 3108  [ 8167383FE00199108F63269C2B8A99E1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys</div>

<div>00:46:35.0171 3108  usbhub - ok</div>

<div>00:46:35.0203 3108  [ 5BE9C3F196C607AAA072ED660F9C0423 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys</div>

<div>00:46:35.0218 3108  usbscan - ok</div>

<div>00:46:35.0218 3108  [ E3EEF7AE5105A9F99B1807031EDB4171 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS</div>

<div>00:46:35.0234 3108  USBSTOR - ok</div>

<div>00:46:35.0296 3108  [ B02ADDB9A345CBAE360A29B2865C36A1 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys</div>

<div>00:46:35.0296 3108  usbuhci - ok</div>

<div>00:46:35.0312 3108  [ EC8D4524FB0D96B4E9AB5AB0A49CAA31 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys</div>

<div>00:46:35.0328 3108  usbvideo - ok</div>

<div>00:46:35.0343 3108  [ CC1F0DD100F577E9B029547FEE285813 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys</div>

<div>00:46:35.0343 3108  VgaSave - ok</div>

<div>00:46:35.0359 3108  ViaIde - ok</div>

<div>00:46:35.0375 3108  [ 2ABF037F9D447424B58D73706B55B762 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys</div>

<div>00:46:35.0375 3108  VolSnap - ok</div>

<div>00:46:35.0421 3108  [ B96ECAE46A68F57862BACF59EEC24FEF ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys</div>

<div>00:46:35.0453 3108  Vsdatant - ok</div>

<div>00:46:35.0484 3108  vsmon - ok</div>

<div>00:46:35.0531 3108  [ 8901DA47BC3B7AA2EFE49A6FC265B0F8 ] VSS             C:\WINDOWS\System32\vssvc.exe</div>

<div>00:46:35.0562 3108  VSS - ok</div>

<div>00:46:35.0578 3108  [ 64D724F8DD696AE17DC545D9A22C06DC ] W32Time         C:\WINDOWS\system32\w32time.dll</div>

<div>00:46:35.0593 3108  W32Time - ok</div>

<div>00:46:35.0656 3108  [ 8794191476E6B93161BAAA136E309454 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys</div>

<div>00:46:35.0671 3108  Wanarp - ok</div>

<div>00:46:35.0703 3108  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys</div>

<div>00:46:35.0718 3108  Wdf01000 - ok</div>

<div>00:46:35.0734 3108  WDICA - ok</div>

<div>00:46:35.0796 3108  [ CF66393A0B2E361503BF381AC013B34A ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys</div>

<div>00:46:35.0796 3108  wdmaud - ok</div>

<div>00:46:35.0796 3108  [ 2695100EF6D97E11443EBCED0057F3F1 ] WebClient       C:\WINDOWS\System32\webclnt.dll</div>

<div>00:46:35.0812 3108  WebClient - ok</div>

<div>00:46:35.0921 3108  [ C509666623D32AC4CDA3199CE4EB1925 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll</div>

<div>00:46:35.0937 3108  winmgmt - ok</div>

<div>00:46:36.0015 3108  [ B9F63F85E14517B5551D55456F7C9D9C ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll</div>

<div>00:46:36.0031 3108  WmdmPmSN - ok</div>

<div>00:46:36.0062 3108  [ B024B2E27C45FCC267B12AFA9DD04822 ] Wmi             C:\WINDOWS\System32\advapi32.dll</div>

<div>00:46:36.0093 3108  Wmi - ok</div>

<div>00:46:36.0109 3108  [ A8A632D5802DEC0BBCA2AC750FD34BBD ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys</div>

<div>00:46:36.0109 3108  WmiAcpi - ok</div>

<div>00:46:36.0156 3108  [ 34CD451F120F5E8D8F430184F4E50E7A ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe</div>

<div>00:46:36.0156 3108  WmiApSrv - ok</div>

<div>00:46:36.0250 3108  [ E750CD80918C221F7249802A3048A287 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll</div>

<div>00:46:36.0281 3108  wscsvc - ok</div>

<div>00:46:36.0281 3108  WSIMD - ok</div>

<div>00:46:36.0375 3108  [ 330029931EB8E3384CBC4C10880D5B14 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS</div>

<div>00:46:36.0375 3108  WSTCODEC - ok</div>

<div>00:46:36.0390 3108  [ A05055C8FAD494885E39A57DC350C4DD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll</div>

<div>00:46:36.0406 3108  wuauserv - ok</div>

<div>00:46:36.0468 3108  [ A2FC878AB3DAEA806C1E5D1F83EF6E57 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll</div>

<div>00:46:36.0500 3108  WZCSVC - ok</div>

<div>00:46:36.0531 3108  [ 5031DA760DB4864FAE386DDFC1428607 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll</div>

<div>00:46:36.0546 3108  xmlprov - ok</div>

<div>00:46:36.0562 3108  ZTEusbmdm6k - ok</div>

<div>00:46:36.0578 3108  ZTEusbnmea - ok</div>

<div>00:46:36.0593 3108  ZTEusbser6k - ok</div>

<div>00:46:36.0625 3108  ================ Scan global ===============================</div>

<div>00:46:36.0687 3108  [ E2C65A667921DDC7B81815836C1DB25D ] C:\WINDOWS\system32\basesrv.dll</div>

<div>00:46:36.0703 3108  [ DEA079254CAAB877ED3FD4A5BE80DE98 ] C:\WINDOWS\system32\winsrv.dll</div>

<div>00:46:36.0734 3108  [ DEA079254CAAB877ED3FD4A5BE80DE98 ] C:\WINDOWS\system32\winsrv.dll</div>

<div>00:46:36.0812 3108  [ 76727219614A50B2DB29BD0CDA4260D5 ] C:\WINDOWS\system32\services.exe</div>

<div>00:46:36.0828 3108  [Global] - ok</div>

<div>00:46:36.0828 3108  ================ Scan MBR ==================================</div>

<div>00:46:36.0875 3108  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0</div>

<div>00:46:37.0421 3108  \Device\Harddisk0\DR0 - ok</div>

<div>00:46:37.0421 3108  ================ Scan VBR ==================================</div>

<div>00:46:37.0437 3108  [ 144DBED5D621FBFD4E86CA7412BF90BC ] \Device\Harddisk0\DR0\Partition1</div>

<div>00:46:37.0437 3108  \Device\Harddisk0\DR0\Partition1 - ok</div>

<div>00:46:37.0562 3108  [ 99A6F6CFF02EF55FA87434AA934F0BA4 ] \Device\Harddisk0\DR0\Partition2</div>

<div>00:46:37.0578 3108  \Device\Harddisk0\DR0\Partition2 - ok</div>

<div>00:46:37.0609 3108  [ 91331DAB24599BE5CCB4625048905185 ] \Device\Harddisk0\DR0\Partition3</div>

<div>00:46:37.0609 3108  \Device\Harddisk0\DR0\Partition3 - ok</div>

<div>00:46:37.0609 3108  ============================================================</div>

<div>00:46:37.0609 3108  Scan finished</div>

<div>00:46:37.0609 3108  ============================================================</div>

<div>00:46:37.0625 4084  Detected object count: 0</div>

<div>00:46:37.0625 4084  Actual detected object count: 0</div>

<div> </div>


It's always like this. But in less than 5 minutes the virus is back. I'm running avast anti-virus and zone alarm firewall.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.12.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.3264

BOSS :: COMPANY-D80ED77 [administrator]

6/12/2013 8:05:22 AM

mbam-log-2013-06-12 (08-05-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232273

Time elapsed: 54 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|disabletaskmgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


<div>

<div>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013</div>

<div>Ran by BOSS (administrator) on 12-06-2013 00:42:39</div>

<div>Running from D:\My Documents\Downloads</div>

<div>Microsoft Windows XP Service Pack 3, v.3264 (X86) OS Language: English(US)</div>

<div>Internet Explorer Version 6</div>

<div>Boot Mode: Normal</div>

I mean those tags I marked bold. Are they within your logfile or were they added by the forum?

Please attach the log files to your topic.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This may be interesting:

-I updated the virus database and then turned off the internet before doing an MBAM scan. The scan found the virus as usual and said that it was removed successfully.

-Then, without turning on the internet, I did the scan again. The virus was not found. 

-Still without turning on the internet, I restarted the computer, did another scan and found the virus.

 

The virus came back with the restart of the computer, without internet.

 

-I removed the virus again, turned on the internet, and scanned again. The virus was found.

 

So, it also comes back with internet without restarting.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 13-06-27.01 - BOSS 06/27/2013  14:52:34.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.3001.1660 [GMT 1:00]

Running from: c:\documents and settings\BOSS\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\AUTORUN.INF

c:\documents and settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\searchplugins\SearchquWebSearch.xml

c:\documents and settings\BOSS\Application Data\VAP

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\windows\system32\B052B792CC.dll

c:\windows\system32\drivers\etc\hosts.ics

d:\my documents\~WRL0214.tmp

d:\my documents\~WRL3518.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))

.

.

2013-06-27 06:11 . 2013-06-27 06:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-06-20 18:08 . 2013-06-20 18:08 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google

2013-06-11 23:41 . 2013-06-11 23:41 -------- dc----w- C:\FRST

2013-06-11 09:51 . 2013-06-11 09:51 -------- d-----w- c:\program files\Common Files\Skype

2013-06-11 09:51 . 2013-06-11 18:34 -------- d-----r- c:\program files\Skype

2013-06-10 12:06 . 2013-06-27 06:09 369456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-10 12:06 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-06-10 12:06 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-06-10 12:06 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-06-10 12:06 . 2013-06-27 06:09 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-10 12:06 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-06-10 12:06 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-10 12:06 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-06-10 12:06 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-06-10 12:05 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-06-10 12:05 . 2013-06-10 12:05 -------- d-----w- c:\program files\AVAST Software

2013-06-10 12:02 . 2013-06-10 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2013-06-10 11:51 . 2013-06-10 11:51 -------- d-----w- c:\documents and settings\BOSS\Application Data\CheckPoint

2013-06-10 11:46 . 2013-06-10 11:46 -------- d-----w- c:\program files\Check Point Software Technologies LTD

2013-06-10 11:46 . 2013-06-12 06:50 -------- d-----w- c:\documents and settings\BOSS\Application Data\Check Point Software Technologies LTD

2013-06-10 11:46 . 2013-06-10 11:48 -------- d-----w- c:\program files\CheckPoint

2013-06-10 11:44 . 2013-06-10 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-24 11:30 . 2012-04-29 05:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-24 11:30 . 2011-06-01 13:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-04 13:50 . 2010-05-19 05:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-08 07:16 . 2011-07-22 10:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-06-30 11:44 . 2010-02-11 20:39 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-06 22:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19604072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]

"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"disabletaskmgr"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Nero BackItUp Scheduler 3"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Opera 10.50 Beta\\opera.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\BOSS\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\WinMX\\WinMX.exe"=

"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"<NO NAME>"= 

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [6/10/2013 1:06 PM 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [6/10/2013 1:06 PM 174664]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/10/2013 1:06 PM 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/10/2013 1:06 PM 369456]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/8/2011 11:47 PM 232512]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/10/2013 1:06 PM 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/10/2013 1:06 PM 66336]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 3:33 PM 27056]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 3:33 PM 497320]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [6/7/2009 1:20 PM 61440]

R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2/11/2010 9:23 PM 186880]

S2 gupdate1cac3e2ce595d4e;Google Update Service (gupdate1cac3e2ce595d4e);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 2:57 AM 133104]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/3/2013 4:34 PM 162408]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/12/2010 2:14 PM 1684736]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [3/12/2013 9:36 PM 117248]

S3 flash;flash;\??\e:\install\BIOS_ACER_1.25_Windows_Aspire 5738\Winflash32\flash.sys --> e:\install\BIOS_ACER_1.25_Windows_Aspire 5738\Winflash32\flash.sys [?]

S3 hspa_zi_cdc_acm;HSPA Mobile Connect CDC-ACM driver;c:\windows\system32\drivers\hspa_zi_cdc_acm.sys [3/20/2013 3:16 PM 67968]

S3 hspa_zi_cdc_ecm;hspa_zi_cdc_ecm;c:\windows\system32\drivers\hspa_zi_cdc_ecm.sys [3/20/2013 3:16 PM 32768]

S3 hspa_zi_ecm_enum;HSPA Mobile Connect DC Enumerator;c:\windows\system32\drivers\hspa_zi_ecm_enum.sys [3/20/2013 3:16 PM 47488]

S3 hspa_zi_ecm_enum_filter;hspa_zi_ecm_enum_filter;c:\windows\system32\drivers\hspa_zi_ecm_enum_filter.sys [3/20/2013 3:16 PM 47488]

S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [3/12/2013 9:36 PM 91136]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [3/12/2013 9:36 PM 85504]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/27/2013 7:11 AM 40776]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2/11/2010 10:26 PM 158720]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-21 06:31 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:30]

.

2013-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]

.

2013-06-27 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-10 08:58]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 01:56]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 01:56]

.

.

------- Supplementary Scan -------

.





IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.43.1

FF - ProfilePath - c:\documents and settings\BOSS\Application Data\Mozilla\Firefox\Profiles\5mwlzyk8.default\

FF - user.js: extensions.funmoods.hmpg - true


FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true



FF - user.js: extensions.funmoods.id - 904CE5077CDB14B9

FF - user.js: extensions.funmoods.instlDay - 15600

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:27

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironpub

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - ironpub

FF - user.js: extensions.funmoods.dfltLng - 

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

HKCU-Run-tmp - (no file)

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

HKLM-Run-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-ACU - c:\program files\Atheros\ACU.exe

HKLM-Run-ISW - (no file)

AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe

AddRemove-{28006915-2739-4EBE-B5E8-49B25D32EB33} - c:\program files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-06-27 15:04

Windows 5.1.2600 Service Pack 3, v.3264 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_88_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_88_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1276)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'lsass.exe'(1332)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2013-06-27  15:06:46

ComboFix-quarantined-files.txt  2013-06-27 14:06

.

Pre-Run: 6,550,022,144 bytes free

Post-Run: 8,671,672,320 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 33ACECD9B6B0DB1A3B1B3D3B51286D2E

8F558EB6672622401DA993E1E865C861

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt
