Sirefef Virus



#1 PressSoft


Posted 25 September 2012 - 04:45 PM

The viruses disabled MSE, Windows firewall, Windows updates. Reinstalling MSE was successful and it caught numerous Sirefef viruses. Please help me to totally remove the viruses, and restore Windows firewall and Windows Updates. Thanks.

Edited by hamluis, 25 September 2012 - 05:03 PM.
Moved from XP to Am I Infected - Hamluis.




#2 narenxp


Posted 25 September 2012 - 05:32 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 PressSoft


Posted 26 September 2012 - 04:06 AM

Hi narenxp,

Below are the logs for TDSSKiller, aswMBR, and ESET online scanner.

19:46:34.0062 4844 redbook - ok
19:46:34.0093 4844 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:46:34.0093 4844 RemoteAccess - ok
19:46:34.0171 4844 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:46:34.0171 4844 RemoteRegistry - ok
19:46:34.0218 4844 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:46:34.0250 4844 RpcLocator - ok
19:46:34.0390 4844 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:46:34.0390 4844 RpcSs - ok
19:46:34.0468 4844 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:46:34.0468 4844 RSVP - ok
19:46:34.0515 4844 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:46:34.0515 4844 SamSs - ok
19:46:34.0578 4844 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:46:34.0593 4844 SCardSvr - ok
19:46:34.0640 4844 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:46:34.0656 4844 Schedule - ok
19:46:34.0718 4844 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:34.0734 4844 Secdrv - ok
19:46:34.0781 4844 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:46:34.0781 4844 seclogon - ok
19:46:34.0859 4844 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
19:46:34.0859 4844 senfilt - ok
19:46:34.0921 4844 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
19:46:34.0937 4844 SenFiltService - ok
19:46:34.0984 4844 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:46:34.0984 4844 SENS - ok
19:46:35.0000 4844 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:46:35.0000 4844 serenum - ok
19:46:35.0015 4844 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:46:35.0015 4844 Serial - ok
19:46:35.0078 4844 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:35.0078 4844 Sfloppy - ok
19:46:35.0109 4844 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:46:35.0125 4844 ShellHWDetection - ok
19:46:35.0140 4844 [ 00DEBA8B42EEB9658AC59BDCA025607F ] ShldDrv C:\WINDOWS\system32\drivers\ShldDrv.sys
19:46:35.0218 4844 ShldDrv - ok
19:46:35.0234 4844 Simbad - ok
19:46:35.0296 4844 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:46:35.0296 4844 SkypeUpdate - ok
19:46:35.0359 4844 [ B945AB840441AA298503983417DED190 ] SLClient C:\WINDOWS\system32\slClient.exe
19:46:35.0578 4844 SLClient - ok
19:46:35.0593 4844 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:46:35.0593 4844 SLIP - ok
19:46:35.0671 4844 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:46:35.0671 4844 smwdm - ok
19:46:35.0687 4844 Sparrow - ok
19:46:35.0750 4844 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:46:35.0750 4844 splitter - ok
19:46:35.0812 4844 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:46:35.0812 4844 Spooler - ok
19:46:35.0843 4844 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:35.0843 4844 sr - ok
19:46:35.0875 4844 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:46:35.0875 4844 srservice - ok
19:46:35.0953 4844 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:35.0953 4844 Srv - ok
19:46:36.0000 4844 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:46:36.0000 4844 SSDPSRV - ok
19:46:36.0046 4844 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
19:46:36.0046 4844 StarOpen - ok
19:46:36.0078 4844 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:46:36.0078 4844 stisvc - ok
19:46:36.0109 4844 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:46:36.0109 4844 streamip - ok
19:46:36.0140 4844 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:36.0140 4844 swenum - ok
19:46:36.0156 4844 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:46:36.0156 4844 swmidi - ok
19:46:36.0171 4844 SwPrv - ok
19:46:36.0187 4844 symc810 - ok
19:46:36.0203 4844 symc8xx - ok
19:46:36.0218 4844 sym_hi - ok
19:46:36.0234 4844 sym_u3 - ok
19:46:36.0281 4844 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:36.0296 4844 sysaudio - ok
19:46:36.0328 4844 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:46:36.0328 4844 SysmonLog - ok
19:46:36.0359 4844 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:46:36.0359 4844 TapiSrv - ok
19:46:36.0421 4844 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:36.0421 4844 Tcpip - ok
19:46:36.0468 4844 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:36.0468 4844 TDPIPE - ok
19:46:36.0515 4844 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:36.0515 4844 TDTCP - ok
19:46:36.0562 4844 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:36.0578 4844 TermDD - ok
19:46:36.0625 4844 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:46:36.0625 4844 TermService - ok
19:46:36.0687 4844 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:46:36.0687 4844 Themes - ok
19:46:36.0750 4844 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:46:36.0765 4844 TlntSvr - ok
19:46:36.0812 4844 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
19:46:36.0812 4844 tmcomm - ok
19:46:36.0828 4844 TosIde - ok
19:46:36.0843 4844 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:46:36.0859 4844 TrkWks - ok
19:46:36.0953 4844 [ 679D19FB2D9683FB906DA15E02A91139 ] UDFReadr C:\WINDOWS\system32\drivers\UDFReadr.sys
19:46:37.0015 4844 UDFReadr - ok
19:46:37.0062 4844 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:46:37.0062 4844 Udfs - ok
19:46:37.0109 4844 ultra - ok
19:46:37.0187 4844 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:46:37.0187 4844 Update - ok
19:46:37.0218 4844 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:46:37.0234 4844 upnphost - ok
19:46:37.0265 4844 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:46:37.0265 4844 UPS - ok
19:46:37.0281 4844 USBAAPL - ok
19:46:37.0328 4844 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:46:37.0328 4844 usbaudio - ok
19:46:37.0390 4844 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:37.0390 4844 usbccgp - ok
19:46:37.0421 4844 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:46:37.0421 4844 usbehci - ok
19:46:37.0484 4844 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:37.0500 4844 usbhub - ok
19:46:37.0546 4844 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:37.0578 4844 usbscan - ok
19:46:37.0640 4844 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:37.0640 4844 USBSTOR - ok
19:46:37.0656 4844 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:37.0656 4844 usbuhci - ok
19:46:37.0687 4844 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:46:37.0687 4844 VgaSave - ok
19:46:37.0734 4844 [ F62C0BEC4E99C4E26291AA11C788285C ] vhdbus C:\WINDOWS\system32\DRIVERS\vhdbus.sys
19:46:37.0734 4844 vhdbus - ok
19:46:37.0750 4844 ViaIde - ok
19:46:38.0406 4844 [ AB623B051669EA0358B6D068D646EE4A ] Virtual Server C:\Program Files\Microsoft Virtual Server\vssrvc.exe
19:46:38.0437 4844 Virtual Server - ok
19:46:38.0515 4844 [ 0F44899FB8D117DAD00BDEE115E49078 ] vmh C:\Program Files\Microsoft Virtual Server\vmh.exe
19:46:38.0515 4844 vmh - ok
19:46:38.0578 4844 [ 817DA66B1B889FAD1DBF669E0E2F3228 ] vmm C:\WINDOWS\system32\Drivers\vmm.sys
19:46:38.0578 4844 vmm - ok
19:46:38.0625 4844 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:38.0625 4844 VolSnap - ok
19:46:38.0671 4844 [ F75AAF3E202E73F7BC43627A358FDFA2 ] VPCNetS2 C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
19:46:38.0671 4844 VPCNetS2 - ok
19:46:38.0765 4844 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:46:38.0781 4844 VSS - ok
19:46:38.0921 4844 [ E26744E5DD71A16E80D4DD5A286B8423 ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
19:46:38.0937 4844 VX3000 - ok
19:46:39.0031 4844 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:46:39.0031 4844 W32Time - ok
19:46:39.0062 4844 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
19:46:39.0062 4844 W3SVC - ok
19:46:39.0109 4844 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:39.0109 4844 Wanarp - ok
19:46:39.0171 4844 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:46:39.0171 4844 Wdf01000 - ok
19:46:39.0187 4844 WDICA - ok
19:46:39.0250 4844 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:39.0250 4844 wdmaud - ok
19:46:39.0281 4844 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:46:39.0296 4844 WebClient - ok
19:46:39.0421 4844 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:39.0421 4844 winmgmt - ok
19:46:39.0515 4844 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:46:39.0578 4844 WinRM - ok
19:46:39.0687 4844 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:46:39.0687 4844 WmdmPmSN - ok
19:46:39.0765 4844 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:46:39.0781 4844 Wmi - ok
19:46:39.0843 4844 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:46:39.0843 4844 WmiApSrv - ok
19:46:39.0937 4844 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:46:39.0953 4844 WMPNetworkSvc - ok
19:46:40.0203 4844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:46:40.0218 4844 WPFFontCache_v0400 - ok
19:46:40.0328 4844 WSearch - ok
19:46:40.0421 4844 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:46:40.0437 4844 WSTCODEC - ok
19:46:40.0500 4844 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:46:40.0500 4844 WudfPf - ok
19:46:40.0531 4844 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:46:40.0531 4844 WudfRd - ok
19:46:40.0562 4844 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:46:40.0562 4844 WudfSvc - ok
19:46:40.0671 4844 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:46:40.0687 4844 WZCSVC - ok
19:46:40.0734 4844 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:46:40.0750 4844 xmlprov - ok
19:46:40.0796 4844 ================ Scan global ===============================
19:46:40.0828 4844 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:46:40.0890 4844 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:46:40.0921 4844 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:46:40.0953 4844 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:46:40.0953 4844 [Global] - ok
19:46:40.0953 4844 ================ Scan MBR ==================================
19:46:40.0984 4844 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:46:41.0156 4844 \Device\Harddisk0\DR0 - ok
19:46:41.0187 4844 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:46:41.0296 4844 \Device\Harddisk1\DR1 - ok
19:46:41.0312 4844 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4
19:46:41.0328 4844 \Device\Harddisk2\DR4 - ok
19:46:41.0328 4844 ================ Scan VBR ==================================
19:46:41.0328 4844 [ B3FE4A852006CE1201E94B44D1B45420 ] \Device\Harddisk0\DR0\Partition1
19:46:41.0328 4844 \Device\Harddisk0\DR0\Partition1 - ok
19:46:41.0343 4844 [ D04263AA6705F5EFFFBB3C01143EA1D3 ] \Device\Harddisk1\DR1\Partition1
19:46:41.0343 4844 \Device\Harddisk1\DR1\Partition1 - ok
19:46:41.0359 4844 [ C28A5BC42A42F651ED20F7ABA7342078 ] \Device\Harddisk2\DR4\Partition1
19:46:41.0359 4844 \Device\Harddisk2\DR4\Partition1 - ok
19:46:41.0359 4844 ============================================================
19:46:41.0359 4844 Scan finished
19:46:41.0359 4844 ============================================================
19:46:41.0390 5824 Detected object count: 0
19:46:41.0390 5824 Actual detected object count: 0
19:56:41.0062 5156 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 19:50:15
-----------------------------
19:50:15.312 OS Version: Windows 5.1.2600 Service Pack 3
19:50:15.312 Number of processors: 2 586 0x409
19:50:15.312 ComputerName: GX620-3 UserName:
19:50:17.546 Initialize success
19:58:15.015 AVAST engine defs: 12092501
19:58:30.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
19:58:30.437 Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
19:58:30.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
19:58:30.437 Disk 1 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
19:58:30.437 Disk 0 MBR read successfully
19:58:30.437 Disk 0 MBR scan
19:58:30.484 Disk 0 Windows XP default MBR code
19:58:30.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
19:58:30.515 Disk 0 scanning sectors +976768065
19:58:30.562 Disk 0 scanning C:\WINDOWS\system32\drivers
19:58:56.328 Service scanning
19:59:11.625 Service MpKsl3363b7ea C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E26E782A-2891-42CF-8D26-2FD4DD0C8C97}\MpKsl3363b7ea.sys **LOCKED** 32
19:59:23.734 Service ShldDrv C:\WINDOWS\C:\WINDOWS\system32\DRIVERS\ShldDrv.sys **LOCKED** 123
19:59:33.625 Modules scanning
19:59:34.000 Module: C:\WINDOWS\system32\drivers\DasBootD.SYS **SUSPICIOUS**
19:59:39.000 Disk 0 trace - called modules:
19:59:39.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS DasBootS.SYS >>UNKNOWN [0x8ae4b151]<<
19:59:39.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae7a030]
19:59:39.000 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8a79e890]
19:59:39.718 AVAST engine scan C:\WINDOWS
20:00:08.078 AVAST engine scan C:\WINDOWS\system32
20:06:52.921 AVAST engine scan C:\WINDOWS\system32\drivers
20:07:40.312 AVAST engine scan C:\Documents and Settings\Administrator
20:29:26.078 AVAST engine scan C:\Documents and Settings\All Users
20:33:27.250 Scan finished successfully
20:38:28.031 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
20:38:28.046 The log file has been saved successfully to "C:\aswMBR.txt"

ESET Online Scanner
C:\Documents and Settings\Administrator\Local Settings\Temp\ICReinstall\cnet2_free_xill_mov_avi_to_flv_flash_wmv_exe[1].exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Administrator\Local Settings\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats
C:\WINDOWS\system32\DBBK\C886CD2B88056B33BEE23DA3649D4143 a variant of Win32/InstallCore.D application
C:\WINDOWS\system32\DBBK\CC471724307616F30C5EB05CC10DDFE3 multiple threats
C:\WINDOWS\system32\DBBK\F700D7BB2BDF5AFE852FF0A187C702B0 a variant of Win32/InstallCore.D application
E:\_download\Hash Checker\cnet2_MD5SHA1DC_zip.exe a variant of Win32/InstallCore.D application
H:\Administrator_Backup_HD\Memeo\Administrator_Backup_HD\E_\_download\Hash Checker\cnet2_MD5SHA1DC_zip.exe a variant of Win32/InstallCore.D application

#4 narenxp


Posted 26 September 2012 - 06:45 AM

Please remove the infections detected by the ESET scanner.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan completes, post the generated log here.

#5 PressSoft


Posted 26 September 2012 - 10:45 PM

I am in the process of going through your second set of instructions. I noticed my c:\ drive is filling up fast with files located inside c:\Windows\System32\DBBK. It is now at 258 GB. Is it OK to delete the dbbk folder?

#6 narenxp


Posted 27 September 2012 - 01:08 AM

Remove the folder

#7 PressSoft


Posted 27 September 2012 - 11:16 PM

Hi narenxp,

Thanks for taking the time to assist me. I ran MalwareBytes twice; once for C:\ and the second time for E:\ and H:\. I aborted the second time as H:\ is almost 1 TB.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GX620-3 [administrator]

9/27/2012 4:26:43 AM
mbam-log-2012-09-27 (04-26-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318767
Time elapsed: 7 hour(s), 4 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GX620-3 [administrator]

9/27/2012 1:08:46 PM
mbam-log-2012-09-27 (13-08-46).txt

Scan type: Full scan (E:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 101185
Time elapsed: 6 hour(s), 30 minute(s), 42 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 27-09-2012 at 19:43:28
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 10483 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : GX620-3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-13-72-84-F8-86
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 172.27.35.1
Lease Obtained. . . . . . . . . . : Thursday, September 27, 2012 7:37:28 PM
Lease Expires . . . . . . . . . . : Friday, September 28, 2012 7:37:28 PM

Server: UnKnown
Address: 172.27.35.1

Name: google.com
Addresses: 74.125.224.201, 74.125.224.206, 74.125.224.192, 74.125.224.193
74.125.224.194, 74.125.224.195, 74.125.224.196, 74.125.224.197, 74.125.224.198
74.125.224.199, 74.125.224.200

Pinging google.com [74.125.224.200] with 32 bytes of data:

Reply from 74.125.224.200: bytes=32 time=17ms TTL=53
Reply from 74.125.224.200: bytes=32 time=17ms TTL=53

Ping statistics for 74.125.224.200:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms

Server: UnKnown
Address: 172.27.35.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=124ms TTL=51
Reply from 72.30.38.140: bytes=32 time=238ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 124ms, Maximum = 238ms, Average = 181ms

Server: UnKnown
Address: 172.27.35.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 72 84 f8 86 ...... Broadcom NetXtreme 57xx Gigabit Controller - Virtual Machine Network Services Driver
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.109 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.109 192.168.1.109 20
192.168.1.0 255.255.255.0 192.168.1.109 192.168.1.109 20
192.168.1.109 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.109 192.168.1.109 20
224.0.0.0 240.0.0.0 192.168.1.109 192.168.1.109 20
255.255.255.255 255.255.255.255 192.168.1.109 192.168.1.109 1
Default Gateway: 192.168.1.2
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2012 04:12:49 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am fe, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/27/2012 04:10:03 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.1.522.00x80070424morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (09/27/2012 04:09:58 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/27/2012 03:43:20 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/27/2012 03:22:17 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/27/2012 03:21:27 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/26/2012 11:12:46 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/26/2012 11:05:20 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/26/2012 11:02:17 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/26/2012 10:58:54 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


System errors:
=============
Error: (09/27/2012 04:12:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.137.568.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 04:12:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.137.568.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 04:12:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.137.568.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 04:12:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 04:11:00 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 04:10:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/27/2012 03:56:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (09/27/2012 03:56:59 AM) (Source: DCOM) (User: GX620-3)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/27/2012 03:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (09/27/2012 03:51:59 AM) (Source: DCOM) (User: GX620-3)
Description: DCOM got error "%%1068" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (05/26/2012 00:59:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22444 seconds with 6240 seconds of active time. This session ended with a crash.

Error: (08/01/2010 10:31:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/14/2010 00:15:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11283 seconds with 5820 seconds of active time. This session ended with a crash.

Error: (05/11/2009 07:27:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6127 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (04/20/2009 10:32:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1919 seconds with 540 seconds of active time. This session ended with a crash.

Error: (03/31/2009 10:14:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 280 seconds with 120 seconds of active time. This session ended with a crash.

Error: (11/18/2008 10:26:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2646 seconds with 720 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Acrobat 8 Professional (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional (Version: 8.3.1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11 (Version: 11)
ArcSoft MediaImpression 2 (Version: 2.0.14.672)
ArcSoft Scan-n-Stitch Deluxe (Version: 1.1.2.50)
Bonjour (Version: 2.0.4.0)
BUFFALO HD-WIU2/R1 RAID Setup Utility
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.7)
Canon EOS 5D WIA Driver (Version: 5.7)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.1.1)
Canon Utilities EOS Utility (Version: 2.3.1.3)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.3.0.0)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CDBurnerXP (Version: 4.2.7.1893)
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dropbox (Version: 1.4.7)
DVDFab 8.1.2.5 (29/09/2011) Qt
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.40.0001)
EPSON Perfection V33/V330 Photo Scanner Driver Update
EPSON Scan
ESET Online Scanner v3
Fast DVD Ripper 1.1
FastStone Photo Resizer 3.1 (Version: 3.1)
FreeUndelete
Garmin c320 City Navigator North America NT v8 (Version: 8.0.2.0)
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin USB Drivers (Version: 1.0.0.0)
getPlus®_ocx
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.7.1.9330)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.123)
HandBrake 0.9.6 (Version: 0.9.6)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
hp photosmart 7600 series
HP PrecisionScan LTX
Ideal DVD Copy V4.1.2
Intel® Graphics Media Accelerator Driver
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
K-Lite Codec Pack 4.0.0 (Full) (Version: 4.0.0)
Lexmark Software Uninstall
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Memeo Backup
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Money 2003 (Version: 11.0.80)
Microsoft Money 2003 System Pack (Version: 11.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft RichCopy 4.0 (Version: 4.0.216)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual Server 2005 R2 SP1 (Version: 1.1.603.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
neoDVDstandard (Version: 4)
neoDVDstandard4 (Version: 4)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Desktop (Version: 4.1.0300)
PowerDVD 5.7
Rapport (Version: 3.5.1205.11)
Roxio Easy Media Creator 7 (Version: 7.1.1.189)
Shadow Copy Client (Version: 5.2.01)
Skype™ 5.10 (Version: 5.10.116)
SnagIt 7 (Version: 7.2.5)
SoundMAX (Version: 5.10.01.4542)
Total Video Converter 3.50
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Storage Adapter FX (SM1)
Visual CertExam Suite 1.9 (Version: 1.9.815)
VLC media player 0.9.9 (Version: 0.9.9)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3062.07 MB
Available physical RAM: 1955.37 MB
Total Pagefile: 4430.35 MB
Available Pagefile: 3361.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.09 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:388.99 GB) NTFS
4 Drive e: (DATA) (Fixed) (Total:465.7 GB) (Free:297.08 GB) NTFS
5 Drive h: (Backup) (Fixed) (Total:931.52 GB) (Free:169.41 GB) NTFS

========================= Users: ========================================

User accounts for \\GX620-3

Administrator ASPNET Guest
HelpAssistant IUSR_GX620-3 IWAM_GX620-3
rich SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****

Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 27-09-2012 at 19:49:01
Running from "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LF6ITSUO"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) Tcpip(4) VPCNetS2(8)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 19:51:12
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - GX620-3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WMJ6E464\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\Software\OpenCandy

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\afzvccfn.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\afzvccfn.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1558 octets] - [27/09/2012 19:51:12]

########## EOF - C:\AdwCleaner[S1].txt - [1618 octets] ##########

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 09/27/2012 at 20:59:19.56
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa}



*** Files: 0 Detections



*** Folders: 0 Detections



*** Ask Toolbar: - Remnants removed



*** FireFox detected and repaired:

The below lines were deleted from [FF prefs.js]

=============================

=============================



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Thu 09/27/2012 at 21:01:06.07
End of Report

#8 narenxp

Posted 28 September 2012 - 03:53 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#9 PressSoft

Posted 28 September 2012 - 09:25 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 28-09-2012 at 19:13:09
Running from "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G9R0342W"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) Tcpip(4) VPCNetS2(8)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/28/2012 07:16:57 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 10503 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 09/28/2012 07:17:52 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "DVDLauncher" "CyberLink PowerCinema Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\dvdlauncher.exe"
+ "DWPersistentQueuedReporting" "Watson Subscriber for SENS Network Notifications" "Microsoft Corporation" "c:\program files\common files\microsoft shared\dw\dwtrig20.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files\epson software\event manager\eeventmanager.exe"
+ "HPDJ Taskbar Utility" "" "HP" "c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LifeCam" "LifeExp.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\lifeexp.exe"
+ "Memeo Backup" "Memeo Backup Launcher" "Memeo Inc." "c:\program files\memeo\autobackup\memeolauncher2.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "RoxioDragToDisc" "Drag To Disc Application" "Roxio" "c:\program files\roxio\easy media creator 7\drag to disc\drgtodsc.exe"
+ "SM1BG" "Cypress USB Mass Storage Driver Background Application" "Cypress Semiconductor" "c:\windows\sm1bg.exe"
+ "SoundMAXPnP" "SMax4PNP MFC Application" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Adobe Gamma Loader.exe.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropbox.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe"
+ "msnmsgr" "" "" "File not found: C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Microsoft AntiMalware ShellExecuteHook" "Shell Execution Monitor" "Microsoft Corporation" "c:\program files\windows defender\mpshhook.dll"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "DVDFAB32" "DVDFab Shell Extension - x86" "Fengtao Software Inc." "c:\program files\dvdfab 8 qt\dvdfabshellex.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SnagItMainShellExt" "SnagIt Shell Extension DLL" "TechSmith Corporation" "c:\program files\techsmith\snagit 7\snagitshellext.dll"
+ "Sprint.ExplorerIntegration" "ABBYY Sprint Integration" "ABBYY" "c:\program files\common files\abbyy\finereadersprint\9.00\integration\sprintintegration.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SnagItMainShellExt" "SnagIt Shell Extension DLL" "TechSmith Corporation" "c:\program files\techsmith\snagit 7\snagitshellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\easy media creator 7\drag to disc\shellex.dll"
+ "TargetFinderShlExt" "TargetFinder Module" "" "c:\program files\roxio\easy media creator 7\creator classic\targetfinder.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\easy media creator 7\drag to disc\shellex.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "TargetFinderShlExt" "TargetFinder Module" "" "c:\program files\roxio\easy media creator 7\creator classic\targetfinder.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "HelperObject Class" "SnagIt Browser Helper Object for Internet Explorer" "TechSmith Corporation" "c:\program files\techsmith\snagit 7\snagitbho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "{243B17DE-77C7-46BF-B94B-0B5F309A0E64}" "MoneySide Controls" "Microsoft Corporation" "c:\program files\microsoft money\system\mnyside.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "SnagIt" "SnagIt Add-in for Internet Explorer" "TechSmith Corporation" "c:\program files\techsmith\snagit 7\snagitieaddin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "MoneySide" "MoneySide Controls" "Microsoft Corporation" "c:\program files\microsoft money\system\mnyside.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2iexp.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2776096696-3986877989-3220956356-500Core.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2776096696-3986877989-3220956356-500UA.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ABBYY.Licensing.FineReader.Sprint.9.0" "This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism." "ABBYY" "c:\program files\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe"
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CCALib8" "Canon Camera Access Library 8" "Canon Inc." "c:\program files\canon\cal\calmain.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MemeoBackgroundService" "Manages background tasks for Memeo applications." "Memeo" "c:\program files\memeo\autobackup\memeobackgroundservice.exe"
+ "MSCamSvc" "MsCamSvc.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\mscams32.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NMSAccessU" "" "" "c:\program files\cdburnerxp\nmsaccessu.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RapportMgmtService" "Central Rapport Management and Monitoring Service" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "Virtual Server" "Provides a virtual machine facility for running multiple machine instances." "Microsoft Corporation" "c:\program files\microsoft virtual server\vssrvc.exe"
+ "vmh" "Provides services necessary to run virtual machines " "Microsoft Corporation" "c:\program files\microsoft virtual server\vmh.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys"
+ "Afc" "Arcsoft® ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Cap7134" "cap7134" "AVerMedia TECHNOLOGIES, Inc." "c:\windows\system32\drivers\cap7134.sys"
+ "Cdr4_xp" "CDR4 CD and DVD Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdr4_xp.sys"
+ "Cdralw2k" "CDRAL Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdralw2k.sys"
+ "cdudf_xp" "CD-UDF NT Filesystem Driver" "Roxio" "c:\windows\system32\drivers\cdudf_xp.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DasBoot" "" "" "c:\windows\system32\drivers\dasboot.sys"
+ "DasBootF" "" "" "c:\windows\system32\drivers\dasbootf.sys"
+ "dvd_2K" "DVD-RAM AddOn Driver" "Roxio" "c:\windows\system32\drivers\dvd_2k.sys"
+ "DVDVRRdr_xp" "DVDVR Filesystem Reader Driver" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\dvdvrrdr_xp.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "grmnusb" "grmnusb.sys" "GARMIN Corp." "c:\windows\system32\drivers\grmnusb.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mmc_2K" "CD-R/RW AddOn MMC Driver (W2K)" "Roxio" "c:\windows\system32\drivers\mmc_2k.sys"
+ "MpKsldcbe96c6" "KSLDriver" "Microsoft Corporation" "c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{23678684-af1e-40ca-a788-3aedb8c0ec63}\mpksldcbe96c6.sys"
+ "mv2" "UltraVnc miniport driver2" "UVNC BVBA" "c:\windows\system32\drivers\mv2.sys"
+ "NgFilter" "" "" "File not found: system32\DRIVERS\ngfilter.sys"
+ "NgLog" "" "" "File not found: system32\DRIVERS\nglog.sys"
+ "NgVpn" "" "" "File not found: system32\DRIVERS\ngvpn.sys"
+ "NgWfp" "" "" "File not found: system32\DRIVERS\ngwfp.sys"
+ "OxFWLF" "1394 Filter Driver" "OEM" "c:\windows\system32\drivers\oxfwlf.sys"
+ "OXUDIDRV" "" "" "c:\windows\system32\drivers\oxudidrv_x32.sys"
+ "PalmUSBD" "USB Driver for Palm OS Handheld Devices" "Palm, Inc." "c:\windows\system32\drivers\palmusbd.sys"
+ "PavProc" "Panda Process Protection driver" "Panda Software" "c:\windows\system32\drivers\pavproc.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "pwd_2k" "Win2000 Framework for Packet Write Driver" "Roxio" "c:\windows\system32\drivers\pwd_2k.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RapportCerberus_42020" "" "" "c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus32_42020.sys"
+ "RapportEI" "RapportEI" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportei.sys"
+ "RapportIaso" "RapportIaso" "Trusteer Ltd." "c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys"
+ "RapportKELL" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportkell.sys"
+ "RapportPG" "RapportPG" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportpg.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "senfilt" "Creative WDM Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\senfilt.sys"
+ "SenFiltService" "Creative WDM Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\senfilt.sys"
+ "ShldDrv" "PandaShield driver" "Panda Software" "c:\windows\system32\drivers\shlddrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "StarOpen" "" "" "c:\windows\system32\drivers\staropen.sys"
+ "tmcomm" "TrendMicro Common Module" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "UDFReadr" "CD-UDF NT Filesystem Reader Driver" "Roxio" "c:\windows\system32\drivers\udfreadr.sys"
+ "USBAAPL" "" "" "File not found: System32\Drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Encoder" "AC3Encoder Filter" "ROXIO Inc." "c:\program files\common files\roxio shared\sharedcom\roxioac3enc.dll"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "AC3Filter" "ac3filter" "" "c:\program files\k-lite codec pack\filters\ac3filter.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "AE Analyser" "analyse Filter (Sample)" "Roxio" "c:\program files\common files\roxio shared\sharedcom\aeanalyser.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Avi Source" "Avi Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\avisplitter.ax"
+ "Avi Splitter" "Avi Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\avisplitter.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Canon Image Rotation Filter 1.1" "Canon Image Rotation Filter " "Canon Inc." "c:\program files\canon\mdp\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdp\canonmdpmjpegdecoder.ax"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clauts.ax"
+ "CyberLink Video/SP Decoder DELL 5.3" "CyberLink Video/SP Filter DELL 5.3" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Source Filter" "FLV Source Filter" "SWiSHzone.com Pty Ltd" "c:\program files\total video converter\flv.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LVMWriter" "LVMWriter" "Roxio" "c:\program files\common files\roxio shared\sharedcom\lvmwriter.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MP3 Encoder" "MP3Encoder Filter" "ROXIO Inc." "c:\program files\common files\roxio shared\sharedcom\roxiomp3enc.dll"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Mpeg Source" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "Mpeg Splitter" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPV Decoder Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files\total video converter\mpeg2decfilter.ax"
+ "Partition Filter" "ROXIO Partition Filter" "Roxio, Inc." "c:\program files\common files\roxio shared\sharedcom\partitionfilter.dll"
+ "psWav Dest" "Canon Utilities Support Library" "Canon Inc." "c:\program files\canon\camerawindow\mycamera\pswavdes.ax"
+ "QTSrc" "CLQTSrc" "Cyberlink" "c:\program files\total video converter\quicktime.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\total video converter\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\total video converter\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\total video converter\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\total video converter\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"

#10 narenxp

Posted 29 September 2012 - 03:07 AM

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore. It deletes old infected restore points.

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
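The restore-point reset described in the post above (turn System Restore off, turn it back on, create a fresh restore point), scripted as an added example that is not part of the original post. It assumes Windows PowerShell 2.0 or later run as Administrator; the description string is a constructed label, and the script checks for leftover restore points instead of assuming they were purged.

```powershell
# Added example (not from the thread): reset System Restore after a cleanup.
# Assumes Windows PowerShell 2.0+ in an elevated prompt.
$drive = "$env:SystemDrive\"    # e.g. C:\

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated PowerShell prompt."
}

function Get-RestorePointCount {
    # @() forces an array so .Count works for zero or one result.
    @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
}

Write-Host "Restore points before reset: $(Get-RestorePointCount)"

# Step 1: turn System Restore off for the system drive.
Disable-ComputerRestore -Drive $drive

# Verify the old (possibly infected) restore points are gone.
$left = Get-RestorePointCount
if ($left -gt 0) {
    Write-Warning "$left restore point(s) still listed; remove them through the System Restore settings before continuing."
}

# Step 2: turn System Restore back on.
Enable-ComputerRestore -Drive $drive

# Step 3: create a new restore point on the cleaned system.
# The description is a constructed label; change it as needed.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType MODIFY_SETTINGS

# Show the newest restore point to confirm it was created.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Select-Object -Last 1 |
    Format-List SequenceNumber, Description, CreationTime
```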

#11 PressSoft

Posted 29 September 2012 - 09:48 AM

Hi narenxp,

I truly appreciate your assistance. Thanks again!
All blocked services and features are back! My computer is running much better. Almost as good as new!

#12 narenxp

Posted 29 September 2012 - 09:53 AM

You're welcome :)



