My anti AVG anti virus is picking up a virus


  • This topic is locked
31 replies to this topic

#1 statesmen

Posted 03 September 2012 - 05:02 PM

Hello,
My AVG picked up a virus
File name:
c:\Windows\System32\services.exe

Threat name: Trojan horse Patched_c.LYT


I am also getting errors for system registry, but AVG says this is white listed. My computer often shuts off after about an hour without prompt, and the screen says something that looks like Spanish, "sin sendal" I believe. The computer has been extremely slow since this started as well, and used to be an extremely fast machine. I am also unable to enable my firewall or Windows security in the control panel. When I do, it says the Windows Security Center cannot be started. Here is my original post:



http://www.bleepingcomputer.com/forums/topic466540.html/page__p__2819724__fromsearch__1#entry2819724

Here is my dds log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2008 8:03:50 PM
System Uptime: 8/29/2012 7:46:42 PM (1 hours ago)
.
Motherboard: Intel | | Bearlake
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 128.291 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_31051565&REV_02\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_31051565&REV_02\3&2411E6FE&0&FB
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2012
AVG PC Tuneup
Becker's CPA Exam Review and PassMaster - 2011 Edition
Becker CPA Review CD-ROM Course and PassMaster - 2009 Edition
BitTorrent
BlackBerry Desktop Software 6.1
Bonjour
BufferChm
C4400
C4400_Help
Call of Duty
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Driver Detective
eSupportQFolder
Free Window Registry Repair
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GTOneCare
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java™ 6 Update 29
K-Lite Mega Codec Pack 4.4.2
LimeWire 5.2.13
Logitech QuickCam Driver Package
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.3
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Move Media Player
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
NETGEAR WG111v3 wireless USB 2.0 adapter
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickConnect
QuickTime
Safari
Scan
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
Skins
Skype Toolbars
Skype™ 4.2
SmartWebPrintingOC
SolutionCenter
Status
STK016_V2.01
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USBCAM
uTorrentControl2 Toolbar
VideoToolkit01
VLC media player 0.9.8a
vShare Plugin
Webcam 1200
WebReg
WhiteSmoke Updater Service
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/29/2012 7:51:15 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: XTrapD12 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The WSIMD service terminated with the following error: WSIMD is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Wg4n service terminated with the following error: Wg4n is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The VX1000 service terminated with the following error: VX1000 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The TdmService service terminated with the following error: TdmService is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Symproxysvc service terminated with the following error: Symproxysvc is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Sr_service service terminated with the following error: Sr_service is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The SMCB000 service terminated with the following error: SMCB000 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The S125mdfl service terminated with the following error: S125mdfl is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Roxliveshare service terminated with the following error: Roxliveshare is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Rasirda service terminated with the following error: Rasirda is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: Radiosvr is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Psimsvc service terminated with the following error: Psimsvc is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The ProcObsrv service terminated with the following error: ProcObsrv is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Prismxl service terminated with the following error: Prismxl is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Pnkbstrk service terminated with the following error: Pnkbstrk is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Picturetaker service terminated with the following error: Picturetaker is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Penclass service terminated with the following error: Penclass is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Pavprsrv service terminated with the following error: Pavprsrv is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Patrol_scheduler service terminated with the following error: Patrol_scheduler is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The NTSIM service terminated with the following error: NTSIM is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Ntiopnp service terminated with the following error: Ntiopnp is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: Ntgrip is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: NEOFLTR_600_13319 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The NEC USB3.0 Service service terminated with the following error: The specified module could not be found.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Msvad_simple service terminated with the following error: Msvad_simple is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: MRESP50 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The LMouKE service terminated with the following error: LMouKE is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The L6POD service terminated with the following error: L6POD is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Kpf4 service terminated with the following error: Kpf4 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Kbfiltr service terminated with the following error: Kbfiltr is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Iastor service terminated with the following error: The specified module could not be found.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The HPFECP20 service terminated with the following error: HPFECP20 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Hclinetd service terminated with the following error: Hclinetd is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Giveio service terminated with the following error: Giveio is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Framework service terminated with the following error: Framework is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The ELacpi service terminated with the following error: ELacpi is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Ehsched service terminated with the following error: The specified module could not be found.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Cvspydr2 service terminated with the following error: The specified module could not be found.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Compaq_rba service terminated with the following error: Compaq_rba is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The CoachVc service terminated with the following error: CoachVc is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Clr_optimization_v2.0.50215_32 service terminated with the following error: Clr_optimization_v2.0.50215_32 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: BVRPMPR5 is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Bdfsdrv service terminated with the following error: Bdfsdrv is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The AsDsm service terminated with the following error: AsDsm is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Aiclient service terminated with the following error: Aiclient is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The Aic116x service terminated with the following error: Aic116x is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7023] - The {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} service terminated with the following error: {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} is not a valid Win32 application.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/29/2012 7:48:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/25/2012 10:53:33 AM, Error: EventLog [6008] - The previous system shutdown at 10:51:15 AM on 8/25/2012 was unexpected.
8/25/2012 10:40:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
8/25/2012 10:23:31 AM, Error: EventLog [6008] - The previous system shutdown at 10:48:44 PM on 8/23/2012 was unexpected.
8/23/2012 8:40:12 PM, Error: EventLog [6008] - The previous system shutdown at 8:14:11 PM on 8/23/2012 was unexpected.
8/23/2012 7:31:24 PM, Error: EventLog [6008] - The previous system shutdown at 10:46:54 PM on 8/22/2012 was unexpected.
8/22/2012 9:14:12 PM, Error: EventLog [6008] - The previous system shutdown at 9:09:58 PM on 8/22/2012 was unexpected.
8/22/2012 7:54:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 7:53:55 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/22/2012 7:53:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/22/2012 7:53:55 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 7:53:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/22/2012 7:52:59 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/22/2012 7:51:13 PM, Error: EventLog [6008] - The previous system shutdown at 10:37:15 PM on 8/21/2012 was unexpected.
.
==== End Of File ===========================



Here is the GMER log. I was unable to get through a full scan on the GMER because the virus would shut the computer down, but I got about 30 minutes worth of scanning done and copied the log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-02 21:33:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3250410AS rev.3.AAC
Running: gmer.exe; Driver: C:\Users\Matt\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9E2CD004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9E2CD0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9E2CCD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9E2CCE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9E2CCEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9E2CCF56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3BD 81EFCB00 8 Bytes [04, D0, 2C, 9E, D4, D0, 2C, ...] {ADD AL, 0xd0; SUB AL, 0x9e; AAM 0xd0; SUB AL, 0x9e}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EFCB34 4 Bytes [76, CD, 2C, 9E] {JBE 0xffffffffffffffcf; SUB AL, 0x9e}
.text ntkrnlpa.exe!KeSetEvent + 621 81EFCD64 8 Bytes [1E, CE, 2C, 9E, BA, CE, 2C, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 81EFCDC4 4 Bytes [56, CF, 2C, 9E] {PUSH ESI; IRET ; SUB AL, 0x9e}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8CA08000, 0x250DAC, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[892] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: mswsock.dllunknown module: MSWSOCK.dll
.text C:\Windows\System32\svchost.exe[5860] ntdll.dll!NtWriteFile 76E85644 5 Bytes JMP 00013CB4
.text C:\Windows\System32\svchost.exe[5860] kernel32.dll!SetUnhandledExceptionFilter 757FA84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\System32\svchost.exe[5860] USER32.dll!WindowFromPoint 75BC884F 5 Bytes JMP 000144B8
.text C:\Windows\System32\svchost.exe[5860] USER32.dll!GetForegroundWindow 75BD32C4 5 Bytes JMP 00014528
.text C:\Windows\System32\svchost.exe[5860] USER32.dll!IsWindowVisible 75BD878A 5 Bytes JMP 0001455B
.text C:\Windows\System32\svchost.exe[5860] USER32.dll!GetCursorPos 75BE0B88 5 Bytes JMP 00014457
.text C:\Windows\System32\svchost.exe[5860] USER32.dll!MessageBoxIndirectW 75C1D5D3 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\System32\svchost.exe[5860] WS2_32.dll!GetAddrInfoW 758B3D12 5 Bytes JMP 000143B9
.text C:\Windows\System32\svchost.exe[5860] ole32.dll!CoGetClassObject 7623FABC 5 Bytes JMP 00014697
.text C:\Windows\System32\svchost.exe[5860] ole32.dll!CoCreateInstance 76259EA6 5 Bytes JMP 000146C1

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior



#2 gringo_pr

Posted 03 September 2012 - 11:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 statesmen

Posted 04 September 2012 - 08:39 PM

Hello!
I was able to temporarily disable AVG 2012 anti virus.
I ran the combo fix a total of 3 times. Each time the computer crashed and went to a blue screen, and I was unable to create a log.

I was able to run the security check you told me to.

See below:




Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



My AVG is still picking up trojans and system 32 registry errors.

#4 gringo_pr

Posted 04 September 2012 - 09:18 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#5 statesmen

Posted 05 September 2012 - 09:12 PM

Hi Gringo, unfortunately, I ran the Rogue Killer 3 times and it crashed to a blue screen after scanning for about 20 seconds each time.

#6 gringo_pr

Posted 06 September 2012 - 01:11 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 gringo_pr

Posted 06 September 2012 - 01:11 AM

double post - see post above please



gringo

Edited by gringo_pr, 06 September 2012 - 01:12 AM.


#8 statesmen

Posted 08 September 2012 - 01:30 PM

13:19:41.0355 5028 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:19:41.0823 5028 ============================================================
13:19:41.0823 5028 Current date / time: 2012/09/08 13:19:41.0823
13:19:41.0823 5028 SystemInfo:
13:19:41.0823 5028
13:19:41.0823 5028 OS Version: 6.0.6002 ServicePack: 2.0
13:19:41.0823 5028 Product type: Workstation
13:19:41.0823 5028 ComputerName: MATT-PC
13:19:41.0823 5028 UserName: Matt
13:19:41.0823 5028 Windows directory: C:\Windows
13:19:41.0823 5028 System windows directory: C:\Windows
13:19:41.0823 5028 Processor architecture: Intel x86
13:19:41.0823 5028 Number of processors: 2
13:19:41.0823 5028 Page size: 0x1000
13:19:41.0823 5028 Boot type: Normal boot
13:19:41.0823 5028 ============================================================
13:19:43.0180 5028 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:19:43.0180 5028 ============================================================
13:19:43.0180 5028 \Device\Harddisk0\DR0:
13:19:43.0180 5028 MBR partitions:
13:19:43.0180 5028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
13:19:43.0180 5028 ============================================================
13:19:43.0196 5028 C: <-> \Device\Harddisk0\DR0\Partition1
13:19:43.0196 5028 ============================================================
13:19:43.0196 5028 Initialize success
13:19:43.0196 5028 ============================================================
13:19:46.0675 5004 ============================================================
13:19:46.0675 5004 Scan started
13:19:46.0675 5004 Mode: Manual;
13:19:46.0675 5004 ============================================================
13:19:50.0637 5004 ================ Scan system memory ========================
13:19:50.0637 5004 System memory - ok
13:19:50.0637 5004 ================ Scan services =============================
13:20:35.0107 5004 RasAuto - ok
13:20:35.0129 5004 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:20:35.0140 5004 Rasl2tp - ok
13:20:35.0162 5004 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:20:35.0186 5004 RasMan - ok
13:20:35.0303 5004 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:20:35.0314 5004 RasPppoe - ok
13:20:35.0386 5004 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:20:35.0477 5004 RasSstp - ok
13:20:35.0622 5004 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:20:35.0638 5004 rdbss - ok
13:20:35.0664 5004 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:20:35.0665 5004 RDPCDD - ok
13:20:35.0701 5004 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
13:20:35.0715 5004 rdpdr - ok
13:20:35.0739 5004 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:20:35.0748 5004 RDPENCDD - ok
13:20:35.0773 5004 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:20:35.0791 5004 RDPWD - ok
13:20:35.0824 5004 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:20:35.0829 5004 RemoteAccess - ok
13:20:35.0869 5004 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:20:35.0875 5004 RemoteRegistry - ok
13:20:35.0922 5004 retroexplauncher - ok
13:20:35.0963 5004 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
13:20:35.0966 5004 RimUsb - ok
13:20:36.0001 5004 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
13:20:36.0002 5004 RimVSerPort - ok
13:20:36.0025 5004 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:20:36.0028 5004 ROOTMODEM - ok
13:20:36.0063 5004 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:20:36.0066 5004 RpcLocator - ok
13:20:36.0163 5004 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:20:36.0168 5004 RpcSs - ok
13:20:36.0204 5004 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:20:36.0272 5004 rspndr - ok
13:20:36.0589 5004 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:20:36.0690 5004 RTL8169 - ok
13:20:36.0778 5004 [ D5D2E9F785FDA3C1E021FDE9F218C7F5 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
13:20:36.0833 5004 RTL8187B - ok
13:20:36.0862 5004 rtl8187Se - ok
13:20:36.0900 5004 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
13:20:36.0903 5004 RtlProt - ok
13:20:36.0938 5004 SaiClass - ok
13:20:36.0973 5004 SaiU040B - ok
13:20:36.0979 5004 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
13:20:36.0982 5004 SamSs - ok
13:20:37.0006 5004 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:20:37.0016 5004 sbp2port - ok
13:20:37.0043 5004 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:20:37.0048 5004 SCardSvr - ok
13:20:37.0120 5004 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll
13:20:37.0170 5004 Schedule - ok
13:20:37.0188 5004 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:20:37.0189 5004 SCPolicySvc - ok
13:20:37.0288 5004 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:20:37.0429 5004 SDRSVC - ok
13:20:37.0655 5004 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:20:37.0657 5004 secdrv - ok
13:20:37.0693 5004 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:20:37.0696 5004 seclogon - ok
13:20:37.0723 5004 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
13:20:37.0726 5004 SENS - ok
13:20:37.0747 5004 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:20:37.0758 5004 Serenum - ok
13:20:37.0783 5004 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:20:37.0793 5004 Serial - ok
13:20:37.0807 5004 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:20:37.0808 5004 sermouse - ok
13:20:37.0845 5004 service - ok
13:20:37.0886 5004 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:20:37.0900 5004 SessionEnv - ok
13:20:37.0918 5004 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:20:37.0919 5004 sffdisk - ok
13:20:37.0950 5004 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:20:37.0952 5004 sffp_mmc - ok
13:20:37.0976 5004 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:20:37.0977 5004 sffp_sd - ok
13:20:37.0998 5004 sfilter - ok
13:20:38.0009 5004 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:20:38.0015 5004 sfloppy - ok
13:20:38.0051 5004 SGIR - ok
13:20:38.0088 5004 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:20:38.0134 5004 ShellHWDetection - ok
13:20:38.0510 5004 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:20:38.0522 5004 sisagp - ok
13:20:38.0534 5004 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:20:38.0538 5004 SiSRaid2 - ok
13:20:38.0769 5004 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:20:38.0771 5004 SiSRaid4 - ok
13:20:38.0807 5004 sit_prt - ok
13:20:39.0550 5004 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:20:39.0941 5004 slsvc - ok
13:20:39.0981 5004 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:20:39.0984 5004 SLUINotify - ok
13:20:40.0010 5004 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:20:40.0023 5004 Smb - ok
13:20:40.0054 5004 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:20:40.0064 5004 SNMPTRAP - ok
13:20:40.0085 5004 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:20:40.0086 5004 spldr - ok
13:20:40.0106 5004 [ 524BFBEA40E6E404737CCBC754647A2E ] Spooler C:\Windows\System32\spoolsv.exe
13:20:40.0116 5004 Spooler - ok
13:20:40.0147 5004 [ BAA6018A27857B5FF0C03CE756B4A7A2 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:20:40.0159 5004 srv - ok
13:20:40.0200 5004 [ 6B6F3658E0A58C6C50C5F7FBDF3DF633 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:20:40.0225 5004 srv2 - ok
13:20:40.0251 5004 [ 2D10DE9022822772ADAA120B15A9BD03 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:20:40.0268 5004 srvnet - ok
13:20:40.0330 5004 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:20:40.0344 5004 SSDPSRV - ok
13:20:40.0381 5004 ssoftservice - ok
13:20:40.0437 5004 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:20:40.0449 5004 SstpSvc - ok
13:20:40.0469 5004 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:20:40.0478 5004 stisvc - ok
13:20:40.0495 5004 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:20:40.0496 5004 swenum - ok
13:20:40.0525 5004 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:20:40.0546 5004 swprv - ok
13:20:40.0577 5004 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:20:40.0578 5004 Symc8xx - ok
13:20:40.0604 5004 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:20:40.0605 5004 Sym_hi - ok
13:20:40.0629 5004 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:20:40.0630 5004 Sym_u3 - ok
13:20:40.0697 5004 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:20:40.0789 5004 SysMain - ok
13:20:40.0808 5004 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:20:40.0812 5004 TabletInputService - ok
13:20:40.0846 5004 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:20:40.0861 5004 TapiSrv - ok
13:20:40.0895 5004 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:20:40.0898 5004 TBS - ok
13:20:41.0034 5004 [ 65877AA1B6A7CB797488E831698973E9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:20:41.0183 5004 Tcpip - ok
13:20:41.0327 5004 [ 65877AA1B6A7CB797488E831698973E9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:20:41.0333 5004 Tcpip6 - ok
13:20:41.0364 5004 [ 4B8F496292D40192ACB052E030C023A7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:20:41.0383 5004 tcpipreg - ok
13:20:41.0412 5004 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:20:41.0437 5004 TDPIPE - ok
13:20:41.0466 5004 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:20:41.0495 5004 TDTCP - ok
13:20:41.0535 5004 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:20:41.0567 5004 tdx - ok
13:20:41.0676 5004 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:20:41.0697 5004 TermDD - ok
13:20:41.0848 5004 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:20:41.0972 5004 TermService - ok
13:20:42.0055 5004 tfsndres - ok
13:20:42.0103 5004 [ C818C44C201898399BF999BB6B35D4E3 ] Themes C:\Windows\system32\shsvcs.dll
13:20:42.0106 5004 Themes - ok
13:20:42.0154 5004 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:20:42.0155 5004 THREADORDER - ok
13:20:42.0197 5004 tosrfusb - ok
13:20:42.0294 5004 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:20:42.0334 5004 TrkWks - ok
13:20:42.0503 5004 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
13:20:42.0520 5004 TrueSight - ok
13:20:42.0649 5004 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:20:42.0673 5004 TrustedInstaller - ok
13:20:42.0754 5004 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:20:42.0772 5004 tssecsrv - ok
13:20:42.0869 5004 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:20:42.0870 5004 tunmp - ok
13:20:42.0948 5004 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:20:42.0949 5004 tunnel - ok
13:20:43.0007 5004 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:20:43.0026 5004 uagp35 - ok
13:20:43.0066 5004 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:20:43.0161 5004 udfs - ok
13:20:43.0211 5004 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:20:43.0221 5004 UI0Detect - ok
13:20:43.0256 5004 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:20:43.0266 5004 uliagpkx - ok
13:20:43.0311 5004 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:20:43.0356 5004 uliahci - ok
13:20:43.0396 5004 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:20:43.0426 5004 UlSata - ok
13:20:43.0466 5004 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:20:43.0466 5004 ulsata2 - ok
13:20:43.0496 5004 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:20:43.0496 5004 umbus - ok
13:20:43.0531 5004 UMPass - ok
13:20:43.0561 5004 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
13:20:43.0566 5004 UmRdpService - ok
13:20:43.0641 5004 [ 6F3812807B7F4F6A72676A8D6EE95DEA ] UpdaterService C:\ProgramData\UpdaterService\wsupdsvc.exe
13:20:43.0651 5004 UpdaterService - ok
13:20:43.0731 5004 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:20:43.0756 5004 upnphost - ok
13:20:43.0786 5004 us30service - ok
13:20:43.0836 5004 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:20:43.0836 5004 USBAAPL - ok
13:20:43.0886 5004 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:20:43.0931 5004 usbccgp - ok
13:20:43.0976 5004 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:20:43.0996 5004 usbcir - ok
13:20:44.0051 5004 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:20:44.0071 5004 usbehci - ok
13:20:44.0106 5004 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:20:44.0111 5004 usbhub - ok
13:20:44.0151 5004 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:20:44.0151 5004 usbohci - ok
13:20:44.0181 5004 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:20:44.0196 5004 usbprint - ok
13:20:44.0246 5004 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:20:44.0251 5004 usbscan - ok
13:20:44.0306 5004 usbser - ok
13:20:44.0356 5004 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:20:44.0376 5004 USBSTOR - ok
13:20:44.0466 5004 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:20:44.0491 5004 usbuhci - ok
13:20:44.0546 5004 USB_RNDIS - ok
13:20:44.0961 5004 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:20:44.0966 5004 UxSms - ok
13:20:45.0106 5004 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:20:45.0131 5004 vds - ok
13:20:45.0136 5004 vetmsgnt - ok
13:20:45.0191 5004 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:20:45.0253 5004 vga - ok
13:20:45.0369 5004 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:20:45.0372 5004 VgaSave - ok
13:20:45.0391 5004 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:20:45.0393 5004 viaagp - ok
13:20:45.0405 5004 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:20:45.0406 5004 ViaC7 - ok
13:20:45.0429 5004 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
13:20:45.0430 5004 viaide - ok
13:20:45.0451 5004 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
13:20:45.0452 5004 Viewpoint Manager Service - ok
13:20:45.0488 5004 vmsprog - ok
13:20:45.0517 5004 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:20:45.0519 5004 volmgr - ok
13:20:45.0544 5004 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:20:45.0591 5004 volmgrx - ok
13:20:45.0665 5004 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:20:45.0670 5004 volsnap - ok
13:20:45.0694 5004 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:20:45.0696 5004 vsmraid - ok
13:20:45.0748 5004 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:20:45.0798 5004 VSS - ok
13:20:45.0942 5004 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
13:20:45.0984 5004 vToolbarUpdater12.2.6 - ok
13:20:46.0016 5004 vulfnths - ok
13:20:46.0058 5004 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:20:46.0065 5004 W32Time - ok
13:20:46.0083 5004 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:20:46.0093 5004 WacomPen - ok
13:20:46.0117 5004 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:20:46.0119 5004 Wanarp - ok
13:20:46.0123 5004 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:20:46.0124 5004 Wanarpv6 - ok
13:20:46.0164 5004 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
13:20:46.0197 5004 wbengine - ok
13:20:46.0247 5004 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:20:46.0259 5004 wcncsvc - ok
13:20:46.0302 5004 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:20:46.0313 5004 WcsPlugInService - ok
13:20:46.0339 5004 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
13:20:46.0347 5004 Wd - ok
13:20:46.0398 5004 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:20:46.0427 5004 Wdf01000 - ok
13:20:46.0454 5004 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:20:46.0459 5004 WdiServiceHost - ok
13:20:46.0787 5004 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:20:46.0789 5004 WdiSystemHost - ok
13:20:46.0833 5004 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:20:46.0838 5004 WebClient - ok
13:20:46.0875 5004 webrootadminconsole - ok
13:20:46.0921 5004 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:20:46.0926 5004 Wecsvc - ok
13:20:46.0956 5004 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:20:46.0959 5004 wercplsupport - ok
13:20:46.0977 5004 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:20:46.0981 5004 WerSvc - ok
13:20:46.0987 5004 WinHttpAutoProxySvc - ok
13:20:47.0033 5004 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:20:47.0037 5004 Winmgmt - ok
13:20:47.0077 5004 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
13:20:47.0121 5004 WinRM - ok
13:20:47.0184 5004 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:20:47.0193 5004 Wlansvc - ok
13:20:47.0273 5004 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:20:47.0281 5004 WLSetupSvc - ok
13:20:47.0332 5004 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:20:47.0340 5004 WmiAcpi - ok
13:20:47.0400 5004 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:20:47.0420 5004 wmiApSrv - ok
13:20:47.0506 5004 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:20:47.0557 5004 WMPNetworkSvc - ok
13:20:47.0609 5004 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:20:47.0618 5004 WPDBusEnum - ok
13:20:47.0670 5004 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:20:47.0672 5004 WpdUsb - ok
13:20:47.0795 5004 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:20:47.0819 5004 WPFFontCache_v0400 - ok
13:20:47.0847 5004 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:20:47.0850 5004 ws2ifsl - ok
13:20:47.0855 5004 WSearch - ok
13:20:47.0885 5004 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:20:47.0887 5004 WUDFRd - ok
13:20:47.0908 5004 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:20:47.0911 5004 wudfsvc - ok
13:20:47.0932 5004 Xyz777s - ok
13:20:47.0944 5004 zebrmdmc - ok
13:20:47.0972 5004 ================ Scan global ===============================
13:20:47.0994 5004 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:20:48.0026 5004 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
13:20:48.0044 5004 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
13:20:48.0076 5004 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
13:20:48.0080 5004 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
13:20:48.0080 5004 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
13:20:48.0081 5004 ================ Scan MBR ==================================
13:20:48.0108 5004 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:20:48.0109 5004 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:20:48.0159 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:20:48.0159 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:20:48.0160 5004 ================ Scan VBR ==================================
13:20:48.0163 5004 [ DC0D3EB9CC46389A9C52D81CF4B361FC ] \Device\Harddisk0\DR0\Partition1
13:20:48.0165 5004 \Device\Harddisk0\DR0\Partition1 - ok
13:20:48.0167 5004 ============================================================
13:20:48.0167 5004 Scan finished
13:20:48.0167 5004 ============================================================
13:20:48.0178 2496 Detected object count: 2
13:20:48.0179 2496 Actual detected object count: 2
13:20:58.0817 2496 C:\Windows\system32\services.exe - copied to quarantine
13:21:01.0408 2496 C:\Windows\$NtUninstallKB58028$\4224194916\@ - copied to quarantine
13:21:01.0409 2496 C:\Windows\$NtUninstallKB58028$\4224194916\cfg.ini - copied to quarantine
13:21:01.0431 2496 C:\Windows\$NtUninstallKB58028$\4224194916\Desktop.ini - copied to quarantine
13:21:01.0447 2496 C:\Windows\$NtUninstallKB58028$\4224194916\L\00000004.@ - copied to quarantine
13:21:01.0448 2496 C:\Windows\$NtUninstallKB58028$\4224194916\L\1afb2d56 - copied to quarantine
13:21:01.0460 2496 C:\Windows\$NtUninstallKB58028$\4224194916\L\201d3dde - copied to quarantine
13:21:01.0470 2496 C:\Windows\$NtUninstallKB58028$\4224194916\L\55490ac4 - copied to quarantine
13:21:01.0478 2496 C:\Windows\$NtUninstallKB58028$\4224194916\L\vhtmwbun - copied to quarantine
13:21:01.0479 2496 C:\Windows\$NtUninstallKB58028$\4224194916\oemid - copied to quarantine
13:21:01.0571 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000001.@ - copied to quarantine
13:21:01.0616 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000002.@ - copied to quarantine
13:21:01.0628 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000004.@ - copied to quarantine
13:21:01.0653 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000000.@ - copied to quarantine
13:21:01.0670 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000004.@ - copied to quarantine
13:21:01.0729 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000032.@ - copied to quarantine
13:21:01.0746 2496 C:\Windows\$NtUninstallKB58028$\4224194916\version - copied to quarantine
13:21:01.0777 2496 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
13:21:02.0263 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\@ - copied to quarantine
13:21:02.0292 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\L\00000004.@ - copied to quarantine
13:21:02.0309 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\L\201d3dde - copied to quarantine
13:21:02.0387 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\n - copied to quarantine
13:21:02.0388 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\00000004.@ - copied to quarantine
13:21:02.0390 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\00000008.@ - copied to quarantine
13:21:02.0392 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\000000cb.@ - copied to quarantine
13:21:02.0393 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000000.@ - copied to quarantine
13:21:02.0395 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000032.@ - copied to quarantine
13:21:02.0468 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\@ - copied to quarantine
13:21:02.0544 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\000000cb.@ - copied to quarantine
13:21:02.0692 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000000.@ - copied to quarantine
13:21:02.0761 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000032.@ - copied to quarantine
13:21:38.0124 2496 Backup copy found, using it..
13:21:42.0838 2496 C:\Windows\$NtUninstallKB58028$\1259091698 - will be deleted on reboot
13:21:42.0838 2496 C:\Windows\$NtUninstallKB58028$\4224194916\@ - will be deleted on reboot
13:21:42.0838 2496 C:\Windows\$NtUninstallKB58028$\4224194916\cfg.ini - will be deleted on reboot
13:21:42.0838 2496 C:\Windows\$NtUninstallKB58028$\4224194916\Desktop.ini - will be deleted on reboot
13:21:42.0888 2496 C:\Windows\$NtUninstallKB58028$\4224194916\oemid - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000001.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000002.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\00000004.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000000.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000004.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000032.$ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\U\80000032.@ - will be deleted on reboot
13:21:42.0928 2496 C:\Windows\$NtUninstallKB58028$\4224194916\version - will be deleted on reboot
13:21:43.0018 2496 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
13:21:44.0247 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\@ - will be deleted on reboot
13:21:44.0270 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\n - will be deleted on reboot
13:21:44.0305 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\00000004.@ - will be deleted on reboot
13:21:44.0305 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\00000008.@ - will be deleted on reboot
13:21:44.0346 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\000000cb.@ - will be deleted on reboot
13:21:44.0347 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000000.@ - will be deleted on reboot
13:21:44.0347 2496 C:\Windows\installer\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000032.@ - will be deleted on reboot
13:21:44.0399 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\@ - will be deleted on reboot
13:21:44.0400 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\000000cb.@ - will be deleted on reboot
13:21:44.0400 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000000.@ - will be deleted on reboot
13:21:44.0400 2496 C:\Users\Matt\AppData\Local\{f2d322c8-81cd-eac0-d2bc-7496b306af75}\U\80000032.@ - will be deleted on reboot
13:21:44.0400 2496 C:\Windows\system32\services.exe - will be cured on reboot
13:21:44.0401 2496 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
13:21:47.0685 2496 \Device\Harddisk0\DR0\# - copied to quarantine
13:21:47.0689 2496 \Device\Harddisk0\DR0 - copied to quarantine
13:21:47.0734 2496 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:21:47.0740 2496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:21:47.0744 2496 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:21:47.0747 2496 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:21:47.0750 2496 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:21:47.0787 2496 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:21:47.0794 2496 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:21:47.0795 2496 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:21:47.0797 2496 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:21:47.0799 2496 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:21:47.0801 2496 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:21:47.0803 2496 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:21:47.0805 2496 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:21:47.0806 2496 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:21:47.0838 2496 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:21:47.0910 2496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:21:47.0911 2496 \Device\Harddisk0\DR0 - ok
13:21:47.0914 2496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:22:01.0542 5944 Deinitialize success

13:24:42.0589 0536 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:24:43.0276 0536 ============================================================
13:24:43.0276 0536 Current date / time: 2012/09/08 13:24:43.0276
13:24:43.0276 0536 SystemInfo:
13:24:43.0276 0536
13:24:43.0276 0536 OS Version: 6.0.6002 ServicePack: 2.0
13:24:43.0276 0536 Product type: Workstation
13:24:43.0276 0536 ComputerName: MATT-PC
13:24:43.0276 0536 UserName: Matt
13:24:43.0276 0536 Windows directory: C:\Windows
13:24:43.0276 0536 System windows directory: C:\Windows
13:24:43.0276 0536 Processor architecture: Intel x86
13:24:43.0276 0536 Number of processors: 2
13:24:43.0276 0536 Page size: 0x1000
13:24:43.0276 0536 Boot type: Normal boot
13:24:43.0276 0536 ============================================================
13:24:45.0900 0536 BG loaded
13:24:47.0039 0536 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:24:47.0039 0536 ============================================================
13:24:47.0039 0536 \Device\Harddisk0\DR0:
13:24:47.0039 0536 MBR partitions:
13:24:47.0039 0536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
13:24:47.0039 0536 ============================================================
13:24:47.0070 0536 C: <-> \Device\Harddisk0\DR0\Partition1
13:24:47.0070 0536 ============================================================
13:24:47.0070 0536 Initialize success
13:24:47.0070 0536 ============================================================
13:25:35.0653 1392 ============================================================
13:25:35.0653 1392 Scan started
13:25:35.0653 1392 Mode: Manual;
13:25:35.0653 1392 ============================================================
13:25:37.0447 1392 ================ Scan system memory ========================
13:25:37.0447 1392 Scan interrupted by user!
13:25:37.0447 1392 ================ Scan services =============================
13:25:37.0463 1392 Scan interrupted by user!
13:25:37.0463 1392 ================ Scan global ===============================
13:25:37.0463 1392 Scan interrupted by user!
13:25:37.0463 1392 ================ Scan MBR ==================================
13:25:37.0463 1392 Scan interrupted by user!
13:25:37.0463 1392 ================ Scan VBR ==================================
13:25:37.0463 1392 Scan interrupted by user!
13:25:37.0463 1392 ============================================================
13:25:37.0463 1392 Scan finished
13:25:37.0479 1392 ============================================================
13:25:37.0525 3928 Detected object count: 0
13:25:37.0525 3928 Actual detected object count: 0
13:26:29.0505 3696 ============================================================
13:26:29.0505 3696 Scan started
13:26:29.0505 3696 Mode: Manual;
13:26:29.0505 3696 ============================================================
13:26:30.0753 3696 ================ Scan system memory ========================
13:26:30.0753 3696 System memory - ok
13:26:30.0753 3696 ================ Scan services =============================
13:26:43.0608 3696 ProtectedStorage - ok
13:26:43.0624 3696 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:26:43.0639 3696 PSched - ok
13:26:43.0655 3696 pxfhmdm - ok
13:26:43.0702 3696 [ B1AD87B4C97B6B59FCD075001E76865F ] QCDonner C:\Windows\system32\DRIVERS\LVCD.sys
13:26:43.0702 3696 QCDonner - ok
13:26:43.0748 3696 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:26:43.0780 3696 ql2300 - ok
13:26:43.0795 3696 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:26:43.0795 3696 ql40xx - ok
13:26:43.0826 3696 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:26:43.0826 3696 QWAVE - ok
13:26:43.0842 3696 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:26:43.0842 3696 QWAVEdrv - ok
13:26:43.0873 3696 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:26:43.0873 3696 RasAcd - ok
13:26:43.0904 3696 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:26:43.0904 3696 RasAuto - ok
13:26:43.0936 3696 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:26:43.0951 3696 Rasl2tp - ok
13:26:43.0982 3696 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:26:43.0982 3696 RasMan - ok
13:26:44.0014 3696 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:26:44.0014 3696 RasPppoe - ok
13:26:44.0045 3696 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:26:44.0045 3696 RasSstp - ok
13:26:44.0060 3696 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:26:44.0076 3696 rdbss - ok
13:26:44.0076 3696 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:26:44.0076 3696 RDPCDD - ok
13:26:44.0092 3696 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
13:26:44.0107 3696 rdpdr - ok
13:26:44.0107 3696 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:26:44.0107 3696 RDPENCDD - ok
13:26:44.0123 3696 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:26:44.0138 3696 RDPWD - ok
13:26:44.0154 3696 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:26:44.0154 3696 RemoteAccess - ok
13:26:44.0170 3696 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:26:44.0170 3696 RemoteRegistry - ok
13:26:44.0185 3696 retroexplauncher - ok
13:26:44.0216 3696 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
13:26:44.0216 3696 RimUsb - ok
13:26:44.0248 3696 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
13:26:44.0248 3696 RimVSerPort - ok
13:26:44.0248 3696 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:26:44.0248 3696 ROOTMODEM - ok
13:26:44.0263 3696 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:26:44.0263 3696 RpcLocator - ok
13:26:44.0310 3696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:26:44.0310 3696 RpcSs - ok
13:26:44.0341 3696 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:26:44.0341 3696 rspndr - ok
13:26:44.0357 3696 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:26:44.0357 3696 RTL8169 - ok
13:26:44.0419 3696 [ D5D2E9F785FDA3C1E021FDE9F218C7F5 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
13:26:44.0435 3696 RTL8187B - ok
13:26:44.0482 3696 rtl8187Se - ok
13:26:44.0513 3696 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
13:26:44.0528 3696 RtlProt - ok
13:26:44.0544 3696 SaiClass - ok
13:26:44.0575 3696 SaiU040B - ok
13:26:44.0575 3696 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
13:26:44.0575 3696 SamSs - ok
13:26:44.0606 3696 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:26:44.0622 3696 sbp2port - ok
13:26:44.0638 3696 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:26:44.0638 3696 SCardSvr - ok
13:26:44.0684 3696 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll
13:26:44.0684 3696 Schedule - ok
13:26:44.0700 3696 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:26:44.0700 3696 SCPolicySvc - ok
13:26:44.0731 3696 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:26:44.0731 3696 SDRSVC - ok
13:26:44.0747 3696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:26:44.0747 3696 secdrv - ok
13:26:44.0778 3696 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:26:44.0778 3696 seclogon - ok
13:26:44.0809 3696 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
13:26:44.0809 3696 SENS - ok
13:26:44.0840 3696 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:26:44.0856 3696 Serenum - ok
13:26:44.0872 3696 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:26:44.0872 3696 Serial - ok
13:26:44.0887 3696 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:26:44.0887 3696 sermouse - ok
13:26:44.0903 3696 service - ok
13:26:44.0934 3696 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:26:44.0934 3696 SessionEnv - ok
13:26:44.0950 3696 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:26:44.0950 3696 sffdisk - ok
13:26:44.0965 3696 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:26:44.0965 3696 sffp_mmc - ok
13:26:44.0981 3696 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:26:44.0981 3696 sffp_sd - ok
13:26:44.0981 3696 sfilter - ok
13:26:44.0996 3696 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:26:44.0996 3696 sfloppy - ok
13:26:45.0012 3696 SGIR - ok
13:26:45.0043 3696 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:26:45.0043 3696 ShellHWDetection - ok
13:26:45.0059 3696 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:26:45.0059 3696 sisagp - ok
13:26:45.0074 3696 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:26:45.0074 3696 SiSRaid2 - ok
13:26:45.0090 3696 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:26:45.0090 3696 SiSRaid4 - ok
13:26:45.0106 3696 sit_prt - ok
13:26:45.0340 3696 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:26:45.0355 3696 slsvc - ok
13:26:45.0402 3696 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:26:45.0402 3696 SLUINotify - ok
13:26:45.0433 3696 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:26:45.0433 3696 Smb - ok
13:26:45.0464 3696 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:26:45.0464 3696 SNMPTRAP - ok
13:26:45.0496 3696 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:26:45.0511 3696 spldr - ok
13:26:45.0527 3696 [ 524BFBEA40E6E404737CCBC754647A2E ] Spooler C:\Windows\System32\spoolsv.exe
13:26:45.0527 3696 Spooler - ok
13:26:45.0542 3696 [ BAA6018A27857B5FF0C03CE756B4A7A2 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:26:45.0542 3696 srv - ok
13:26:45.0574 3696 [ 6B6F3658E0A58C6C50C5F7FBDF3DF633 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:26:45.0574 3696 srv2 - ok
13:26:45.0605 3696 [ 2D10DE9022822772ADAA120B15A9BD03 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:26:45.0605 3696 srvnet - ok
13:26:45.0652 3696 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:26:45.0652 3696 SSDPSRV - ok
13:26:45.0667 3696 ssoftservice - ok
13:26:45.0714 3696 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:26:45.0714 3696 SstpSvc - ok
13:26:45.0761 3696 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:26:45.0776 3696 stisvc - ok
13:26:45.0792 3696 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:26:45.0792 3696 swenum - ok
13:26:45.0823 3696 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:26:45.0823 3696 swprv - ok
13:26:45.0854 3696 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:26:45.0854 3696 Symc8xx - ok
13:26:45.0854 3696 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:26:45.0870 3696 Sym_hi - ok
13:26:45.0886 3696 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:26:45.0886 3696 Sym_u3 - ok
13:26:45.0901 3696 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:26:45.0917 3696 SysMain - ok
13:26:45.0948 3696 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:26:45.0948 3696 TabletInputService - ok
13:26:45.0964 3696 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:26:45.0979 3696 TapiSrv - ok
13:26:45.0995 3696 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:26:45.0995 3696 TBS - ok
13:26:46.0135 3696 [ 65877AA1B6A7CB797488E831698973E9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:26:46.0166 3696 Tcpip - ok
13:26:46.0213 3696 [ 65877AA1B6A7CB797488E831698973E9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:26:46.0229 3696 Tcpip6 - ok
13:26:46.0244 3696 [ 4B8F496292D40192ACB052E030C023A7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:26:46.0244 3696 tcpipreg - ok
13:26:46.0291 3696 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:26:46.0291 3696 TDPIPE - ok
13:26:46.0322 3696 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:26:46.0322 3696 TDTCP - ok
13:26:46.0354 3696 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:26:46.0354 3696 tdx - ok
13:26:46.0369 3696 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:26:46.0385 3696 TermDD - ok
13:26:46.0400 3696 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:26:46.0416 3696 TermService - ok
13:26:46.0463 3696 tfsndres - ok
13:26:46.0478 3696 [ C818C44C201898399BF999BB6B35D4E3 ] Themes C:\Windows\system32\shsvcs.dll
13:26:46.0478 3696 Themes - ok
13:26:46.0510 3696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:26:46.0510 3696 THREADORDER - ok
13:26:46.0541 3696 tosrfusb - ok
13:26:46.0588 3696 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:26:46.0588 3696 TrkWks - ok
13:26:46.0634 3696 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
13:26:46.0634 3696 TrueSight - ok
13:26:46.0681 3696 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:26:46.0681 3696 TrustedInstaller - ok
13:26:46.0712 3696 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:26:46.0728 3696 tssecsrv - ok
13:26:46.0759 3696 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:26:46.0759 3696 tunmp - ok
13:26:46.0759 3696 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:26:46.0759 3696 tunnel - ok
13:26:46.0775 3696 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:26:46.0790 3696 uagp35 - ok
13:26:46.0822 3696 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:26:46.0822 3696 udfs - ok
13:26:46.0853 3696 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:26:46.0853 3696 UI0Detect - ok
13:26:46.0853 3696 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:26:46.0868 3696 uliagpkx - ok
13:26:46.0884 3696 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:26:46.0884 3696 uliahci - ok
13:26:46.0900 3696 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:26:46.0900 3696 UlSata - ok
13:26:46.0915 3696 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:26:46.0915 3696 ulsata2 - ok
13:26:46.0931 3696 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:26:46.0946 3696 umbus - ok
13:26:46.0946 3696 UMPass - ok
13:26:46.0978 3696 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
13:26:46.0978 3696 UmRdpService - ok
13:26:47.0227 3696 [ 6F3812807B7F4F6A72676A8D6EE95DEA ] UpdaterService C:\ProgramData\UpdaterService\wsupdsvc.exe
13:26:47.0227 3696 UpdaterService - ok
13:26:47.0290 3696 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:26:47.0290 3696 upnphost - ok
13:26:47.0321 3696 us30service - ok
13:26:47.0352 3696 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:26:47.0352 3696 USBAAPL - ok
13:26:47.0414 3696 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:26:47.0414 3696 usbccgp - ok
13:26:47.0461 3696 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:26:47.0461 3696 usbcir - ok
13:26:47.0492 3696 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:26:47.0492 3696 usbehci - ok
13:26:47.0508 3696 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:26:47.0508 3696 usbhub - ok
13:26:47.0524 3696 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:26:47.0524 3696 usbohci - ok
13:26:47.0555 3696 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:26:47.0555 3696 usbprint - ok
13:26:47.0586 3696 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:26:47.0586 3696 usbscan - ok
13:26:47.0602 3696 usbser - ok
13:26:47.0633 3696 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:26:47.0633 3696 USBSTOR - ok
13:26:47.0648 3696 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:26:47.0648 3696 usbuhci - ok
13:26:47.0680 3696 USB_RNDIS - ok
13:26:47.0711 3696 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:26:47.0711 3696 UxSms - ok
13:26:47.0789 3696 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:26:47.0789 3696 vds - ok
13:26:47.0804 3696 vetmsgnt - ok
13:26:47.0836 3696 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:26:47.0836 3696 vga - ok
13:26:47.0882 3696 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:26:47.0882 3696 VgaSave - ok
13:26:47.0898 3696 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:26:47.0898 3696 viaagp - ok
13:26:47.0914 3696 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:26:47.0914 3696 ViaC7 - ok
13:26:47.0945 3696 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
13:26:47.0945 3696 viaide - ok
13:26:47.0960 3696 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
13:26:47.0960 3696 Viewpoint Manager Service - ok
13:26:47.0992 3696 vmsprog - ok
13:26:48.0023 3696 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:26:48.0023 3696 volmgr - ok
13:26:48.0038 3696 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:26:48.0054 3696 volmgrx - ok
13:26:48.0054 3696 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:26:48.0070 3696 volsnap - ok
13:26:48.0085 3696 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:26:48.0085 3696 vsmraid - ok
13:26:48.0116 3696 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:26:48.0132 3696 VSS - ok
13:26:48.0366 3696 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
13:26:48.0366 3696 vToolbarUpdater12.2.6 - ok
13:26:48.0397 3696 vulfnths - ok
13:26:48.0444 3696 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:26:48.0460 3696 W32Time - ok
13:26:48.0475 3696 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:26:48.0475 3696 WacomPen - ok
13:26:48.0506 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:26:48.0506 3696 Wanarp - ok
13:26:48.0506 3696 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:26:48.0506 3696 Wanarpv6 - ok
13:26:48.0553 3696 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
13:26:48.0553 3696 wbengine - ok
13:26:48.0616 3696 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:26:48.0631 3696 wcncsvc - ok
13:26:48.0647 3696 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:26:48.0662 3696 WcsPlugInService - ok
13:26:48.0678 3696 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
13:26:48.0678 3696 Wd - ok
13:26:48.0709 3696 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:26:48.0709 3696 Wdf01000 - ok
13:26:48.0740 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:26:48.0740 3696 WdiServiceHost - ok
13:26:48.0740 3696 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:26:48.0740 3696 WdiSystemHost - ok
13:26:48.0756 3696 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:26:48.0756 3696 WebClient - ok
13:26:48.0803 3696 webrootadminconsole - ok
13:26:48.0850 3696 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:26:48.0850 3696 Wecsvc - ok
13:26:48.0881 3696 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:26:48.0881 3696 wercplsupport - ok
13:26:48.0912 3696 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:26:48.0912 3696 WerSvc - ok
13:26:48.0912 3696 WinHttpAutoProxySvc - ok
13:26:49.0068 3696 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:26:49.0084 3696 Winmgmt - ok
13:26:49.0193 3696 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
13:26:49.0193 3696 WinRM - ok
13:26:49.0396 3696 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:26:49.0411 3696 Wlansvc - ok
13:26:49.0567 3696 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:26:49.0567 3696 WLSetupSvc - ok
13:26:49.0614 3696 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:26:49.0614 3696 WmiAcpi - ok
13:26:49.0630 3696 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:26:49.0630 3696 wmiApSrv - ok
13:26:50.0020 3696 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:26:50.0035 3696 WMPNetworkSvc - ok
13:26:50.0098 3696 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:26:50.0098 3696 WPDBusEnum - ok
13:26:50.0160 3696 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:26:50.0176 3696 WpdUsb - ok
13:26:50.0363 3696 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:26:50.0363 3696 WPFFontCache_v0400 - ok
13:26:50.0394 3696 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:26:50.0394 3696 ws2ifsl - ok
13:26:50.0394 3696 WSearch - ok
13:26:50.0425 3696 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:26:50.0425 3696 WUDFRd - ok
13:26:50.0441 3696 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:26:50.0441 3696 wudfsvc - ok
13:26:50.0472 3696 Xyz777s - ok
13:26:50.0488 3696 zebrmdmc - ok
13:26:50.0503 3696 ================ Scan global ===============================
13:26:50.0534 3696 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:26:50.0550 3696 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
13:26:50.0644 3696 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
13:26:50.0800 3696 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:26:50.0800 3696 [Global] - ok
13:26:50.0800 3696 ================ Scan MBR ==================================
13:26:50.0831 3696 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:26:51.0346 3696 \Device\Harddisk0\DR0 - ok
13:26:51.0346 3696 ================ Scan VBR ==================================
13:26:51.0377 3696 [ DC0D3EB9CC46389A9C52D81CF4B361FC ] \Device\Harddisk0\DR0\Partition1
13:26:51.0377 3696 \Device\Harddisk0\DR0\Partition1 - ok
13:26:51.0377 3696 ============================================================
13:26:51.0377 3696 Scan finished
13:26:51.0377 3696 ============================================================
13:26:51.0392 3720 Detected object count: 0
13:26:51.0392 3720 Actual detected object count: 0

#9 gringo_pr

  • Malware Response Team

Posted 08 September 2012 - 01:35 PM

Try and run combofix for me now


gringo

#10 statesmen

  • Topic Starter

Posted 08 September 2012 - 05:02 PM

Hi Gringo,
I was able to run combo fix.


ComboFix 12-09-08.02 - Matt 09/08/2012 14:16:19.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.959 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\UpdaterService
c:\programdata\UpdaterService\wsupdsvc.exe
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\windows\$NtUninstallKB58028$
c:\windows\$NtUninstallKB58028$\4224194916\L\00000004.@
c:\windows\$NtUninstallKB58028$\4224194916\L\1afb2d56
c:\windows\$NtUninstallKB58028$\4224194916\L\201d3dde
c:\windows\$NtUninstallKB58028$\4224194916\L\55490ac4
c:\windows\$NtUninstallKB58028$\4224194916\L\vhtmwbun
c:\windows\system32\3compxe.dll
c:\windows\system32\aavmker4.dll
c:\windows\system32\aksfridge.dll
c:\windows\system32\Anydlc.dll
c:\windows\system32\ATIVTUTW.dll
c:\windows\system32\Bcim.dll
c:\windows\system32\bcoreusb.dll
c:\windows\system32\bobo.dll
c:\windows\system32\certstore.dat
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dmio.dll
c:\windows\system32\e100b.dll
c:\windows\system32\firelm01.dll
c:\windows\system32\flashpnt.dll
c:\windows\system32\hkmsvc.dll
c:\windows\system32\idebusdr.dll
c:\windows\system32\incdpass.dll
c:\windows\system32\mi-raysat_3dsmax9_32.dll
c:\windows\system32\mnmdd.dll
c:\windows\system32\MTC0001_ESB.dll
c:\windows\system32\mvserver.dll
c:\windows\system32\nchssvad.dll
c:\windows\system32\nicconfigsvc.dll
c:\windows\system32\NWHOST.dll
c:\windows\system32\orbmediaservice.dll
c:\windows\system32\Packet.dll
c:\windows\system32\papycpu2.dll
c:\windows\system32\parport.dll
c:\windows\system32\pepifilter.dll
c:\windows\system32\pimsgss.dll
c:\windows\system32\RSAFAL.dll
c:\windows\system32\rtl8029.dll
c:\windows\system32\se27nd5.dll
c:\windows\system32\SE2Bmgmt.dll
c:\windows\system32\shuttleengine.dll
c:\windows\system32\SiRemFil.dll
c:\windows\system32\SQLAgent$MICROSOFTBCM.dll
c:\windows\system32\StkScan.dll
c:\windows\system32\symsecureport.dll
c:\windows\system32\tsircsrv.dll
c:\windows\system32\Udfreadr_xp.dll
c:\windows\system32\UsbDiag.dll
c:\windows\system32\VMAUDIO.dll
c:\windows\system32\w810mdfl.dll
c:\windows\system32\wg4n.dll
c:\windows\system32\yats32.dll
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_A88xXBar
-------\Service_advservice
-------\Service_alim1541
-------\Service_awservice
-------\Service_bc_tdi_f
-------\Service_bgsvcgen
-------\Service_bh611
-------\Service_fasttrackinstallerservice
-------\Service_lmimaint
-------\Service_lp6nds35
-------\Service_MobilePreInstallerService
-------\Service_mozybackup
-------\Service_mpfp
-------\Service_mqdmbus
-------\Service_mqdmmdfl
-------\Service_MSSQL$AUTODESKVAULT
-------\Service_NEC Usb3.0
-------\Service_NETw4v32
-------\Service_ofcservice
-------\Service_oracle_load_balancer_60_server-forms6ip9
-------\Service_pdlnafac
-------\Service_pfmodnt
-------\Service_pid_0928
-------\Service_prism_a02
-------\Service_pxfhmdm
-------\Service_retroexplauncher
-------\Service_rtl8187Se
-------\Service_SaiClass
-------\Service_SaiU040B
-------\Service_service
-------\Service_sfilter
-------\Service_SGIR
-------\Service_sit_prt
-------\Service_ssoftservice
-------\Service_tfsndres
-------\Service_tosrfusb
-------\Service_UMPass
-------\Service_us30service
-------\Service_USB_RNDIS
-------\Service_usbser
-------\Service_vmsprog
-------\Service_vulfnths
-------\Service_webrootadminconsole
-------\Service_Xyz777s
-------\Service_zebrmdmc
-------\Service_UpdaterService
-------\Service_UpdaterService
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 19:34 . 2012-09-08 19:52 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-09-08 19:34 . 2012-09-08 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 18:20 . 2012-09-08 18:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-05 03:56 . 2012-09-06 02:03 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-03 21:45 . 2012-09-03 21:45 -------- d-----w- c:\program files\Common Files\Java
2012-09-03 21:42 . 2012-09-03 21:41 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 21:40 . 2012-09-03 21:40 -------- d-----w- c:\programdata\McAfee
2012-08-19 15:48 . 2012-08-19 15:48 -------- d-----w- C:\Sun
2012-08-19 03:32 . 2012-08-23 01:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-19 03:21 . 2012-08-19 16:02 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-19 03:06 . 2012-08-19 03:06 -------- d-----w- c:\program files\WhiteSmoke_US_New
2012-08-19 03:06 . 2012-08-19 03:06 -------- d-----w- c:\program files\WhiteSmokeTranslator
2012-08-19 03:06 . 2012-08-19 03:05 537464 ----a-w- c:\program files\Uninstall Information\ib_uninst_0\uninstall.exe
2012-08-19 03:02 . 2012-08-19 03:02 -------- d-----w- c:\program files\GUM35EF.tmp
2012-08-19 03:02 . 2012-08-19 03:02 4024320 ----a-w- c:\program files\GUT35F0.tmp
2012-08-19 02:28 . 2012-08-19 16:50 -------- d-----w- c:\users\Matt\AppData\Roaming\AVG
2012-08-17 03:21 . 2012-08-17 03:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 18:24 . 2009-06-28 21:26 279552 ----a-w- c:\windows\system32\services.exe
2012-09-04 01:42 . 2012-08-07 01:35 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-03 21:41 . 2010-12-11 15:59 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 02:22 . 2012-05-19 16:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 02:22 . 2012-01-18 15:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2010-01-01 21:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 00:17 . 2012-07-29 23:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-04 01:41 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Wire Wireless Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1166505335-2327894157-4097946306-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
NECUsb3 REG_MULTI_SZ NEC Usb3.0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
netmdsb
toscosrv
gdihook5
vetmsgnt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-09-21 00:55 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 02:22]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 23:04]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 23:04]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166505335-2327894157-4097946306-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 02:56]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166505335-2327894157-4097946306-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\fvnac7yc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-73695586.sys
AddRemove-WhiteSmoke Updater Service - c:\programdata\UpdaterService\wsupdsvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 14:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-09-08 15:00:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 20:00
.
Pre-Run: 135,812,956,160 bytes free
Post-Run: 141,019,103,232 bytes free
.
- - End Of File - - C02CF258316C9BA20D21F97FC0593D85

#11 gringo_pr

Posted 08 September 2012 - 11:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Free Window Registry Repair
c:\program files\WhiteSmoke_US_New
c:\program files\WhiteSmokeTranslator
c:\program files\uTorrentControl2

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 statesmen

Posted 09 September 2012 - 12:49 PM

1. report from combo log


ComboFix 12-09-09.02 - Matt 09/09/2012 12:16:12.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.1172 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFscript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p4.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p5.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p6.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p7.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p8.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide-p9.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\content\userguide.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\ajax-loader.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\body_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\bottom_left_corner.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\bottom_right_corner.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\bottom_strip.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\button_f2.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\buttonf2.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\buy_button.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\expired.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\inside_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\left_column_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\loading_dictionary.swf
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\logo.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\logo_in.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\noconnection.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\pen.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\pen_h.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\result_area_top_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_bottom.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_left.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_left_bottom.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_left_top.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_right.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_right_bottom.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_right_top.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\scrbox_top.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\screen_title.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\search_strip_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\title_strip_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\title_strip_left.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\title_strip_right.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background\top_strip.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_strip.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\caption_strip_right_corner.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar\logo.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\index.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\common.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\blank.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\helix.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\iepngfix.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix\opacity.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\iframeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\index.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\js\welcomeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\style\activation.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\style\welcome.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientHelp\style\welcomescreen.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\back.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\banner.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\body_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar\caption_strip.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar\logo.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\congra.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\continue_button_click.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\continue_button_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\continue_button_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\continue_button_up.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\down.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\f2.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\intro.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\loading_window.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\img\welcome.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\index.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\js\regInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientRegistration\style\registration.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\css\index.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\left_bg.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\logo.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\main_bg.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\right_bg.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\tabcontent_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background\Thumbs.db
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\cancel_down.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\cancel_over.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\cancel_up.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\save_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\save_down.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\save_over.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\save_up.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_connection_off.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_connection_on.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_content_off.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_content_on.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_general_off.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_general_on.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_info_off.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_info_on.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_shortcut_off.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_shortcut_on.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons\tab_template.psd
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\index.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\blank.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\helix.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\iepngfix.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix\opacity.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientSettings\js\settingsInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\attic\use_ws_bgNEW.PNG
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.PNG
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\buy_button.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar\arrow_white.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar\caption_strip.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar\left_bot_chunk.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar\right_bot_chunk.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar\white_x_button.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\close_button.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\close_button_down.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\expired_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\expired_bg.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\expired_bg.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\expired_bg2.png
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\translator-expired.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\UserGuide_Translator.jpg
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\js\iframeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\style\welcome.css
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\welcome_all.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\content\welcome_expired.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\index.html
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\js\welcomeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\dictClientWelcome\style\welcomescreen.css
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\blue-Q-rollover.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\blue-rollover.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\blue-X-rollover.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\blue.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\index.html
c:\program files\WhiteSmokeTranslator\html\english\floatingButton\red&blue.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\img\Background\howto_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\img\spacer.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\index.html
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\blank.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\helix.gif
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\iepngfix.html
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix\opacity.png
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\js\index.js
c:\program files\WhiteSmokeTranslator\html\english\floatingButton_howto\style\style.css
c:\program files\WhiteSmokeTranslator\html\english\floatingMenu\index.html
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\ajax-loader.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\base_fade_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bg_bottom.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_bg_.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_bottom_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_dark_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_dark_bg_.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_top_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\blue_top_bg_.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_grey_strip.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_left_corner.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_left_corner.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_left_corner_old.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_left_corner6.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_right_corner.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_right_corner.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_right_corner_old.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottom_right_corner6.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\bottombar_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\buttons_separator.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\buttons_tray_bottom_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\buttons_tray_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\cascade.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\collapse.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_bl2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_br2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_dot.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_menu_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_sub_menu_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_submenu.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_submenu_dis.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_tl2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\context_tr2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\Copy of notice_right_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\corner_bottom_left.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\corner_bottom_right.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\corner_top_left.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\corner_top_right.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\down_arrow.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\dpreloader.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\dpreloader_left_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\dpreloader_left_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\dpreloader_right_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\dpreloader_right_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\drop_down_input_box.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_footer_left.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_footer_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_footer_right.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_header_left.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_header_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_header_right.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\edit_sidefade.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\empty.jpg
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\epreloader_left_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\epreloader_left_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\epreloader_right_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\epreloader_right_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\feather.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\input_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\inputline_fade_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\left_input.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\left_input_old.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\loading_dictionary.swf
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\main_background.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_checkbox_checked.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_checkbox_unchecked.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_close_down.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_close_over.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_close_up.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_left_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_left_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_right_bottom_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\notice_right_top_bg.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\resize.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\resize_gripper.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\resize_gripper.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\result_area_top_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\result_area_top_bg_.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\right_input.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\right_input_old.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\search_strip_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\search_strip_bg2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\sideinfoblankimage.jpg
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\spacer.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\spacer_.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\strike_blue.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\strike_green.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\strike_green2.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\strike_purple.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\strike_red.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\summaryline_left_corner.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\summaryline_px.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\summaryline_right_corner.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\Thumbs.db
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\ticket.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\top_grey_strip.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Background\wslogo.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-btn-press.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-btn-roll-over.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-btn.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-close-press.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-close-rollover.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-close.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-open-press.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-open-rollover.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\Autocorrect-open.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_arrow_down.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_arrow_roll.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_arrow_roll2.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_arrow_roll3.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_arrowclose_roll.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_disabled.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_down.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_over.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\autocorrect_up.gif
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\bottombar_buynow_down.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\bottombar_buynow_roll.png
c:\program files\WhiteSmokeTranslator\html\english\gui\img\Buttons\bottombar_buynow_up.png
c:\program files\WhiteSmokeTranslator\html\english\registration\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\registration\img\captionbar\caption_strip.png
c:\program files\WhiteSmokeTranslator\html\english\registration\img\captionbar\logo.png
c:\program files\WhiteSmokeTranslator\html\english\registration\img\congra.png
c:\program files\WhiteSmokeTranslator\html\english\registration\img\continue_button_click.gif
c:\program files\WhiteSmokeTranslator\html\english\registration\img\continue_button_over.gif
c:\program files\WhiteSmokeTranslator\html\english\registration\img\continue_button_up.gif
c:\program files\WhiteSmokeTranslator\html\english\registration\img\intro.jpg
c:\program files\WhiteSmokeTranslator\html\english\registration\img\welcome.png
c:\program files\WhiteSmokeTranslator\html\english\registration\index.html
c:\program files\WhiteSmokeTranslator\html\english\registration\js\regInterface.js
c:\program files\WhiteSmokeTranslator\html\english\registration\style\registration.css
c:\program files\WhiteSmokeTranslator\html\english\settings\css\index.css
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\left_bg.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\logo.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\main_bg.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\right_bg.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\tabcontent_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Background\Thumbs.db
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\cancel_down.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\cancel_over.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\cancel_up.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\save_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\save_down.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\save_over.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\save_up.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_connection_off.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_connection_on.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_content_off.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_content_on.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_general_off.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_general_on.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_info_off.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_info_on.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_shortcut_off.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_shortcut_on.png
c:\program files\WhiteSmokeTranslator\html\english\settings\img\Buttons\tab_template.psd
c:\program files\WhiteSmokeTranslator\html\english\settings\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\index.html
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\blank.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\helix.gif
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\iepngfix.html
c:\program files\WhiteSmokeTranslator\html\english\settings\js\iepngfix\opacity.png
c:\program files\WhiteSmokeTranslator\html\english\settings\js\settingsInterface.js
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bg_center_bottom.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bg_center_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bg_gray.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bg_gray_sides.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bottom_left.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bottom_right.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bottom_right_corner.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\bottom_right_corner.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\logo.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\start_bullet.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\template_list_caption.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\template_title_logo.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Background\template_title_logo.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_down.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_over.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\apply_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_down.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_over.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\cancel_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\suggest_disabled.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\suggest_down.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\suggest_over.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\Buttons\suggest_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\left_corner.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\right_corner.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\captionbar\Thumbs.db
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\button_no_down.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\button_no_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\button_yes_down.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\button_yes_up.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\ico_analyze.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\ico_complete.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\ico_connection.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\ico_expired.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\loading_window.swf
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg_bottom.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg_top.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg_top_left.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg_top_px.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_bg_top_right.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_captionbar_press.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_captionbar_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_getitnow_press.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_getitnow_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_ok_press.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\screens\screen_ok_up.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\spacer.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\ajax-loader.gif
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\cascade.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\collapse.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\folder.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\loading_dictionary.swf
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\template.png
c:\program files\WhiteSmokeTranslator\html\english\templates\img\tree\Thumbs.db
c:\program files\WhiteSmokeTranslator\html\english\templates\index.html
c:\program files\WhiteSmokeTranslator\html\english\templates\js\Contextmenu.js
c:\program files\WhiteSmokeTranslator\html\english\templates\js\prototype.js
c:\program files\WhiteSmokeTranslator\html\english\templates\js\templatesCache.class.js
c:\program files\WhiteSmokeTranslator\html\english\templates\js\templatesInterface.js
c:\program files\WhiteSmokeTranslator\html\english\templates\js\xmlhttp.js
c:\program files\WhiteSmokeTranslator\html\english\templates\style\Contextmenu.css
c:\program files\WhiteSmokeTranslator\html\english\templates\style\index.css
c:\program files\WhiteSmokeTranslator\html\english\templates\style\screens.css
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\Background\splash.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\Background\splash.jpg
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\Background\use_ws_bgNEW.PNG
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\buy_button.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar\arrow_white.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar\caption_strip.png
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar\left_bot_chunk.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar\right_bot_chunk.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar\white_x_button.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\close_button.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\close_button_down.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\img\expired_bg.gif
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\js\iframeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\style\welcome.css
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\welcome_all.html
c:\program files\WhiteSmokeTranslator\html\english\welcome\content\welcome_expired.html
c:\program files\WhiteSmokeTranslator\html\english\welcome\index.html
c:\program files\WhiteSmokeTranslator\html\english\welcome\js\welcomeInterface.js
c:\program files\WhiteSmokeTranslator\html\english\welcome\style\welcomescreen.css
c:\program files\WhiteSmokeTranslator\Microsoft.VC80.CRT.manifest
c:\program files\WhiteSmokeTranslator\msvcp80.dll
c:\program files\WhiteSmokeTranslator\msvcr80.dll
c:\program files\WhiteSmokeTranslator\Registration.exe
c:\program files\WhiteSmokeTranslator\settings.ini
c:\program files\WhiteSmokeTranslator\TCCons.dll
c:\program files\WhiteSmokeTranslator\TCCons_x64.dll
c:\program files\WhiteSmokeTranslator\tessdll.dll
c:\program files\WhiteSmokeTranslator\tessdll_x64.dll
c:\program files\WhiteSmokeTranslator\Uninst.exe
c:\program files\WhiteSmokeTranslator\WCapture.dll
c:\program files\WhiteSmokeTranslator\WCapture_x64.dll
c:\program files\WhiteSmokeTranslator\WCaptureMoz\chrome.manifest
c:\program files\WhiteSmokeTranslator\WCaptureMoz\chrome\content\wcapturex.js
c:\program files\WhiteSmokeTranslator\WCaptureMoz\chrome\content\wcapturex.xul
c:\program files\WhiteSmokeTranslator\WCaptureMoz\chrome\content\WcxTrace.js
c:\program files\WhiteSmokeTranslator\WCaptureMoz\components\WCaptureXpcom.dll
c:\program files\WhiteSmokeTranslator\WCaptureMoz\components\WcxComm.xpt
c:\program files\WhiteSmokeTranslator\WCaptureMoz\install.rdf
c:\program files\WhiteSmokeTranslator\WCaptureMoz\plugins\npWCX.dll
c:\program files\WhiteSmokeTranslator\WCaptureX.dll
c:\program files\WhiteSmokeTranslator\WCaptureX_x64.dll
c:\program files\WhiteSmokeTranslator\WCustom.dll
c:\program files\WhiteSmokeTranslator\WCustom_x64.dll
c:\program files\WhiteSmokeTranslator\wcxChrome.crx
c:\program files\WhiteSmokeTranslator\WHook.dll
c:\program files\WhiteSmokeTranslator\WHook_x64.dll
c:\program files\WhiteSmokeTranslator\WMonitorX.dll
c:\program files\WhiteSmokeTranslator\WMonitorX_x64.dll
c:\program files\WhiteSmokeTranslator\WSTrayDictMode.exe
c:\program files\WhiteSmokeTranslator\WSTrayDictMode.exe.manifest
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 17:23 . 2012-09-09 17:25 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-09-09 17:23 . 2012-09-09 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 18:20 . 2012-09-08 18:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-05 03:56 . 2012-09-06 02:03 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-03 21:45 . 2012-09-03 21:45 -------- d-----w- c:\program files\Common Files\Java
2012-09-03 21:42 . 2012-09-03 21:41 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 21:40 . 2012-09-03 21:40 -------- d-----w- c:\programdata\McAfee
2012-08-19 15:48 . 2012-08-19 15:48 -------- d-----w- C:\Sun
2012-08-19 03:32 . 2012-08-23 01:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-19 03:06 . 2012-08-19 03:05 537464 ----a-w- c:\program files\Uninstall Information\ib_uninst_0\uninstall.exe
2012-08-19 03:02 . 2012-08-19 03:02 -------- d-----w- c:\program files\GUM35EF.tmp
2012-08-19 03:02 . 2012-08-19 03:02 4024320 ----a-w- c:\program files\GUT35F0.tmp
2012-08-19 02:28 . 2012-08-19 16:50 -------- d-----w- c:\users\Matt\AppData\Roaming\AVG
2012-08-17 03:21 . 2012-08-17 03:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 18:24 . 2009-06-28 21:26 279552 ----a-w- c:\windows\system32\services.exe
2012-09-03 21:41 . 2010-12-11 15:59 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 02:22 . 2012-05-19 16:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 02:22 . 2012-01-18 15:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2010-01-01 21:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 00:17 . 2012-07-29 23:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1166505335-2327894157-4097946306-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
NECUsb3 REG_MULTI_SZ NEC Usb3.0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
netmdsb
toscosrv
gdihook5
vetmsgnt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-09-21 00:55 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 02:22]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 23:04]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 23:04]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166505335-2327894157-4097946306-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 02:56]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166505335-2327894157-4097946306-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\fvnac7yc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\uTorrentControl2\prxtbuTor.dll
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-Free Window Registry Repair - c:\progra~1\FREEWI~1\UNWISE.EXE
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 12:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-09-09 12:32:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 17:32
ComboFix2.txt 2012-09-08 20:00
.
Pre-Run: 142,539,763,712 bytes free
Post-Run: 142,421,135,360 bytes free
.
- - End Of File - - AC449F87C424941F0C1A90A58081DB72



2. I still am unable to turn on my Windows Firewall or do Windows updates. Here is what the screen looks like; I have attached a screenshot.

print screen of windows update being "null"

#13 gringo_pr


Posted 09 September 2012 - 12:58 PM

"Complete Internet Repair"


  • Download "Complete Internet Repair" and choose run
  • when asked to extract - extract to the desktop
  • open the "Complete Internet Repair" folder
  • double click on "CIntRep.exe"
  • OK any security responses
  • put a Checkmark in all boxes
  • Click on the "GO" button
  • restart the computer

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 statesmen


Posted 09 September 2012 - 01:41 PM

Hello Gringo,
I ran the Complete Internet Repair, and now I am unable to connect to the internet (I am currently on my laptop connected to the internet to post this). I reset my modem and also restarted the computer 3 times.

#15 gringo_pr


Posted 09 September 2012 - 02:02 PM

Try System Restore to before we ran that.


gringo



