Blue Screen trying to start the computer in safe mode

Post by sh770p » August 8th, 2013, 1:01 pm

Normal mode
Windows are no problem
But I'm afraid that the virus
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sh770 at 19:43:44.93 on Thu 08/08/2013
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.2039.836 [GMT 3:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled*
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
mRun: [look] Rundll32.exe User32.dll,LockWorkStation
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
StartupFolder: c:\docume~1\sh770\94ae~1\d9f0~1\76ef~1\dropbox.lnk - c:\documents and settings\sh770\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\sh770\94ae~1\d9f0~1\76ef~1\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
IE: הוסף לאנטי באנר - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 3952319953
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 2371633937
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: {E40AD9AC-0131-41E5-8124-6F69F2089729} = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sh770\applic~1\mozilla\firefox\profiles\j07ullke.default\
FF - prefs.js: browser.search.selectedEngine - ׳’׳•׳’׳œ ג€¢ ׳—׳™׳₪׳•׳© ׳ž׳•׳¦׳₪׳Ÿ
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?btnI=I%27 ... e=UTF-8&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9150
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\sh770\application data\mozilla\firefox\profiles\j07ullke.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\sh770\application data\mozilla\firefox\profiles\j07ullke.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2009-5-28 3712]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2012-10-24 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-3-10 61464]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2012-9-24 9600]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-12-19 475736]
R1 KProcessHacker2;KProcessHacker2;c:\program files\process hacker 2\kprocesshacker.sys [2011-2-2 26624]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\processguard\DCSUserProt.exe [2010-3-15 31744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2010-3-15 26688]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2012-5-2 259584]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-6-26 28256]
R3 IPSecVPN;IPSecVPN Miniport;c:\windows\system32\drivers\IPSecVPN.sys [2013-5-5 13654]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257416]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\sh770\locals~1\temp\alsysio.sys --> c:\docume~1\sh770\locals~1\temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-2 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-6-26 28256]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
S3 cpuz130;cpuz130;\??\c:\docume~1\sh770\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sh770\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\temp\cpuz136\cpuz136_x32.sys --> c:\windows\temp\cpuz136\cpuz136_x32.sys [?]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2013-4-15 105344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-1 22856]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-3-7 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-3-7 11088]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-24 27064]
S3 rt2870;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\rt2870.sys [2012-1-30 827488]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2012-2-19 907496]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-7-8 159208]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\a-ff find and mount\slicedisk.sys --> c:\program files\a-ff find and mount\slicedisk.sys [?]
S3 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-8-7 4153184]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys --> c:\windows\system32\drivers\ulink.sys [?]
S3 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2009-11-20 1035576]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
S3 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2013-2-26 13242960]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\vnic.sys --> c:\windows\system32\drivers\VNic.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-5-24 390379]
.
=============== Created Last 30 ================
.
2842-08-08 20:26:41 -------- d-----w- c:\program files\open-in-default-browser
2013-08-07 13:49:32 -------- d-----w- c:\program files\TeamViewer
2013-08-05 21:37:40 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-05 13:06:03 -------- d-----w- c:\program files\CDex
2013-08-05 06:42:33 -------- d-----w- c:\program files\CDex_150
2013-08-05 03:26:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AMMYY
2013-08-04 22:35:13 -------- d-----w- c:\program files\Exact Audio Copy
2013-08-04 19:49:02 -------- d-----w- c:\docume~1\sh770\locals~1\applic~1\Remove Toolbar Buddy
2013-08-04 19:48:39 587768 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:39 509944 ----a-w- c:\windows\system32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:39 1140728 ----a-w- c:\windows\system32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:38 833528 ----a-w- c:\windows\system32\Codejock.DockingPane.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:38 2717688 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:38 218432 ----a-w- c:\windows\system32\richtx32.Ocx
2013-08-04 19:48:38 1906680 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48:38 -------- d-----w- c:\program files\Scorpio Software
2013-08-04 19:48:38 -------- d-----w- c:\program files\common files\Scorpio Software
2013-07-30 19:20:01 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2013-07-29 12:43:40 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-07-29 12:43:38 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-07-29 12:43:38 -------- d-----w- c:\program files\PDFCreator
2013-07-29 12:02:18 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-07-29 12:01:30 -------- d-----w- c:\program files\Soluto
2013-07-29 11:58:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Soluto
2013-07-24 20:59:05 -------- d-sh--w- c:\documents and settings\sh770\UserData
2013-07-21 18:24:07 -------- d-----w- c:\windows\system32\MRT
2013-07-18 21:16:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 11:11:28 -------- d-----w- c:\docume~1\sh770\locals~1\applic~1\Kaluach3
2013-07-18 11:03:34 -------- d-----w- c:\docume~1\sh770\applic~1\pdfforge
2013-07-17 10:25:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Microsoft Toolkit
.
==================== Find3M ====================
.
2013-07-18 21:16:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-18 21:16:12 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-18 21:16:12 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-18 05:14:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 05:14:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 00:41:23 17617288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 00:24:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:53:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:53:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-07 18:25:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-05 09:08:23 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22:54 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-19 10:54:27 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll
2012-06-24 13:47:32 6221896 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 19:44:58.51 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/06/2009 03:20:15
System Uptime: 08/08/2013 17:42:08 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | LGA 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 12.458 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 3.683 GiB free.
E: is FIXED (NTFS) - 33 GiB total, 1.955 GiB free.
F: is FIXED (NTFS) - 44 GiB total, 19.855 GiB free.
G: is FIXED (NTFS) - 6 GiB total, 5.261 GiB free.
H: is CDROM ()
W: is FIXED (NTFS) - 932 GiB total, 10.144 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 08/08/2013 00:53:29 - נקודת ביקורת של המערכת
.
==== Installed Programs ======================
.
ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
עדכון עבור Windows Internet Explorer 8 (KB2362765)‎
עדכון עבור Windows Internet Explorer 8 (KB2447568)‎
עדכון עבור Windows Internet Explorer 8 (KB2598845)‎
עדכון עבור Windows Internet Explorer 8 (KB2632503)‎
עדכון עבור Windows Internet Explorer 8 (KB976662)‎
עדכון עבור Windows Internet Explorer 8 (KB978506)‎
עדכון עבור Windows Internet Explorer 8 (KB980182)‎
עדכון עבור Windows Internet Explorer 8 (KB980302)‎
עדכון עבור Windows Internet Explorer 8 (KB982632)‎
עדכון עבור Windows Internet Explorer 8 (KB982664)‎
עדכון עבור Windows XP (KB2808679)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2183461)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2360131)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2416400)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2482017)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2497640)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2510531)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2530548)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2544521)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2559049)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2586448)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2618444)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2647516)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2675157)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2699988)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2722913)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2744842)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2761465)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2792100)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2797052)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2799329)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2809289)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2817183)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2838727)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB2846071)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB978207)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB981332)‎
עדכון אבטחה עבור Windows Internet Explorer 8 (KB982381)‎
עדכון אבטחה עבור Windows Media Player‏ (KB2834904)
עדכון אבטחה עבור Windows XP (KB2820197)‎
עדכון אבטחה עבור Windows XP (KB2829361)‎
עדכון אבטחה עבור Windows XP (KB2834886)‎
עדכון אבטחה עבור Windows XP (KB2839229)‎
עדכון אבטחה עבור Windows XP (KB2845187)‎
עדכון אבטחה עבור Windows XP (KB2850851)‎
עדכון אבטחה עבור Windows XP (KB923789)‎
µTorrent
תיקון חם עבור Windows XP (KB932716-v2)‎
תוספת שמירה בשם כ- PDF או XPS של Microsoft עבור תוכניות Microsoft Office 2007
תורת אמת - 346
תורת אמת - 347
AC3Filter 2.2a
Acronis Backup & Recovery 11.5 Bootable Media Builder
Acronis Disk Director Suite
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Default Language CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS4
Adobe Output Module
Adobe Setup
Adobe Shockwave Player 12.0
Advanced SystemCare 6
AM-DeadLink 4.5
AnalogX DXMan
AnyDVD
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
Atheros Ethernet Utility
Audacity 2.0.3
AuthoringTool 1.0.7
BurnInTest v7.0 Pro
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
Core Temp 1.0 RC4
CPUID CPU-Z 1.63.0
Data Access Objects (DAO) 3.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DiamondCS ProcessGuard v3.500
Dream Aquarium 1.2415
Dropbox
DVDSmith Movie Backup 1.0.8
E-GOV.IL Sign&Verify Software - AGForm toolbar
Easy Video Splitter 1.28
EasyBCD 2.2
eMule
Exact Audio Copy 1.0beta3
FFmpeg v0.6.2 for Audacity
FLAC 1.2.1b (remove only)
FlashBoot 2.1m
FlashFXP
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
HijackThis 2.0.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Icons from File 3.4
Image Resizer Powertoy Clone for Windows
InfraRecorder
InstEd 1.5.12.21
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
ISODisk 1.1
Java 7 Update 25
Java Auto Updater
JDownloader 0.9
Kaluach3
Kaspersky Internet Security 2011
KeyTweak - Keyboard Remapper (remove only)
LAME v3.98.3 for Audacity
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
Malwarebytes Anti-Malware גירסה 1.75.0.1300
MFC RunTime files
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack SP1 - heb
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile HEB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended HEB Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (Hebrew) 2010
Microsoft Office Excel MUI (Hebrew) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Hebrew) 2010
Microsoft Office InfoPath MUI (Hebrew) 2010
Microsoft Office OneNote MUI (Hebrew) 2010
Microsoft Office Outlook MUI (Hebrew) 2010
Microsoft Office PowerPoint MUI (Hebrew) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proofing (Hebrew) 2010
Microsoft Office Publisher MUI (Hebrew) 2010
Microsoft Office Shared MUI (Hebrew) 2010
Microsoft Office Word MUI (Hebrew) 2010
Microsoft RichCopy 4.0
Microsoft Silverlight
Microsoft Software Update for Web Folders (Hebrew) 14
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Miranda IM 0.10.11
Mozilla Firefox 22.0 (x86 he)
Mozilla Firefox 23.0 (x86 he)
Mp3 Knife 3.2
mp3splt-gtk
Mp3tag v2.55a
MPC-HC 1.6.8
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
NirSoft BlueScreenView
NirSoft VideoCacheView
NirSoft WebVideoCap
NirSoft WirelessNetView
nLite 1.4.9.1
Notepad++
OpenSSL 0.9.8k Light (32-bit)
Opera 12.16
Panda USB Vaccine 1.0.1.4
PDFCreator
PDFTK Builder 3.5.3
Poedit
Process Hacker 2.31 (r5355)
Realtek High Definition Audio Driver
Recuva
Registry Workshop
RegRun Reanimator
Remove Toolbar Buddy 6.1
Replay Media Catcher 4 (4.4.3)
Replay Media Catcher 5 (5.0.0.99)
Responsa CD19
Revo Uninstaller Pro 3.0.5
RMPrepUSB
Roll
Sandboxie 4.04 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile HEB Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SecurityKISS Tunnel v0.3.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.1
Splash PRO EX
Subtitle Workshop 2.51
Sudoku Solver V 1.3
swMSM
SysTracer v2.6
TeamViewer 8
TeraCopy 2.3 beta 2
The KMPlayer
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Commander (Remove or Repair)
TrueCrypt
Tweak UI
UBCD4Win 3.60
Ubuntu
UltraEdit
UltraISO Premium V9.52
UnHackMe 5.99 release
Universal Extractor 1.6.1
Unlocker 1.9.2
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
USB Safely Remove 5.2
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VistaBootPRO 3.3
VLC media player 2.0.7
VMware Workstation
Winamp
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
Windows Support Tools
Windows Unattended CD Creator 1.0.2 Beta 10
Windows Update Remover
WinHex
WinImage
WinPcap 4.1.2
WinRAR 5.00 ביתא 5 (32-סיביות)
WinSCP 5.1.5
WinUHA 2.0 RC1 (2005.02.27)
חבילת תאימות עבור מהדורת 2007 של מערכת Office
.
==== Event Viewer Messages From Past Week ========
.
08/08/2013 17:44:11, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
08/08/2013 09:41:20, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
07/08/2013 18:27:48, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
07/08/2013 16:33:25, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus Service service to connect.
07/08/2013 16:33:25, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
07/08/2013 16:33:25, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: ‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
07/08/2013 10:04:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cfadisk
07/08/2013 10:04:08, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 10:30:10, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
05/08/2013 10:09:11, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 09:51:00, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 08:52:41, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 06:10:53, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 02:33:40, error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
05/08/2013 02:33:16, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 02:15:49, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
05/08/2013 02:04:45, error: PlugPlayManager [11] - ‏‏ההתקן Root\LEGACY_UNLOCKERDRIVER5\0000 נעלם מהמערכת מבלי שעבר תחילה הכנה לצורך הסרה.
04/08/2013 11:40:02, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
03/08/2013 21:11:20, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
02/08/2013 10:36:59, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
01/08/2013 13:58:31, error: Dhcp [1002] - The IP address lease 46.120.170.18 for the Network Card with network address 001E8C124CC3 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
01/08/2013 12:44:38, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
01/08/2013 05:19:06, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
01/08/2013 01:13:37, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: ‏‏הגישה נדחתה.
01/08/2013 01:13:23, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: ‏‏הגישה נדחתה.
.
==== End Of File ===========================

sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 8th, 2013, 6:11 pm

Hello sh770p, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Since parts of the log are in Hebrew, I will need a little more time than normal to respond.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 8th, 2013, 11:58 pm

Greetings sh770p,

P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
P2P Program Name

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following program:
    µTorrent
    eMule
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Add/Remove Programs. Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk!

Keep in mind that this practice may be the source of your current malware infestation.

Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 9th, 2013, 7:43 am

I removed
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 10th, 2013, 1:11 am

Hi sh770p,

Please run the following:

TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 10th, 2013, 3:07 pm

21:47:24.0437 1268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:47:25.0296 1268 ============================================================
21:47:25.0296 1268 Current date / time: 2013/08/10 21:47:25.0296
21:47:25.0296 1268 SystemInfo:
21:47:25.0296 1268
21:47:25.0296 1268 OS Version: 5.1.2600 ServicePack: 3.0
21:47:25.0296 1268 Product type: Workstation
21:47:25.0296 1268 ComputerName: CHABADGAT
21:47:25.0296 1268 UserName: sh770
21:47:25.0296 1268 Windows directory: C:\WINDOWS
21:47:25.0296 1268 System windows directory: C:\WINDOWS
21:47:25.0296 1268 Processor architecture: Intel x86
21:47:25.0296 1268 Number of processors: 2
21:47:25.0296 1268 Page size: 0x1000
21:47:25.0296 1268 Boot type: Normal boot
21:47:25.0296 1268 ============================================================
21:47:27.0234 1268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:47:27.0234 1268 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:47:27.0250 1268 ============================================================
21:47:27.0250 1268 \Device\Harddisk0\DR0:
21:47:27.0265 1268 MBR partitions:
21:47:27.0265 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x63FFA80
21:47:27.0281 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x63FFAFE, BlocksNum 0xC803400
21:47:27.0312 1268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x12C02F3D, BlocksNum 0x41BDCC4
21:47:27.0312 1268 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x16DC0C40, BlocksNum 0x5885FD3
21:47:27.0328 1268 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1C646C52, BlocksNum 0xB7D92F
21:47:27.0328 1268 \Device\Harddisk1\DR1:
21:47:27.0328 1268 MBR partitions:
21:47:27.0328 1268 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:47:27.0328 1268 ============================================================
21:47:27.0375 1268 C: <-> \Device\Harddisk0\DR0\Partition1
21:47:27.0390 1268 D: <-> \Device\Harddisk0\DR0\Partition2
21:47:27.0421 1268 G: <-> \Device\Harddisk0\DR0\Partition5
21:47:27.0421 1268 W: <-> \Device\Harddisk1\DR1\Partition1
21:47:27.0437 1268 E: <-> \Device\Harddisk0\DR0\Partition3
21:47:27.0484 1268 F: <-> \Device\Harddisk0\DR0\Partition4
21:47:27.0484 1268 ============================================================
21:47:27.0484 1268 Initialize success
21:47:27.0484 1268 ============================================================
22:05:13.0843 2076 ============================================================
22:05:13.0843 2076 Scan started
22:05:13.0843 2076 Mode: Manual;
22:05:13.0843 2076 ============================================================
22:05:14.0296 2076 ================ Scan system memory ========================
22:05:14.0296 2076 System memory - ok
22:05:14.0296 2076 ================ Scan services =============================
22:05:14.0406 2076 Abiosdsk - ok
22:05:14.0421 2076 abp480n5 - ok
22:05:14.0453 2076 [ 26A773E6C500277C5A817FAB68CD0BB9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:05:14.0453 2076 ACPI - ok
22:05:14.0484 2076 [ EA755AA1A97ED90D446E1A43AE3FB619 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:05:14.0484 2076 ACPIEC - ok
22:05:14.0531 2076 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:05:14.0531 2076 AdobeFlashPlayerUpdateSvc - ok
22:05:14.0546 2076 adpu160m - ok
22:05:14.0593 2076 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:05:14.0593 2076 aec - ok
22:05:14.0625 2076 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:05:14.0625 2076 AFD - ok
22:05:14.0640 2076 Aha154x - ok
22:05:14.0640 2076 aic78u2 - ok
22:05:14.0656 2076 aic78xx - ok
22:05:14.0703 2076 [ 730E9D3BB324FB1899005AEA63C6782D ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
22:05:14.0703 2076 aksfridge - ok
22:05:14.0750 2076 [ 66BBA71D7A3590DE33FE211CCFCCA10C ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:05:14.0750 2076 Alerter - ok
22:05:14.0750 2076 [ 20923FF57F894CE9217C683A7EFCBE77 ] ALG C:\WINDOWS\System32\alg.exe
22:05:14.0750 2076 ALG - ok
22:05:14.0765 2076 AliIde - ok
22:05:14.0875 2076 ALSysIO - ok
22:05:14.0937 2076 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
22:05:14.0968 2076 Ambfilt - ok
22:05:14.0968 2076 amsint - ok
22:05:15.0000 2076 [ BCF37763868AB5ED70B392D3F101D44D ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
22:05:15.0000 2076 AnyDVD - ok
22:05:15.0046 2076 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliand C:\WINDOWS\system32\DRIVERS\appliand.sys
22:05:15.0046 2076 appliand - ok
22:05:15.0046 2076 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliandMP C:\WINDOWS\system32\DRIVERS\appliand.sys
22:05:15.0046 2076 appliandMP - ok
22:05:15.0078 2076 [ A92E8B7EBA548071D4CFA38E363E367F ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:05:15.0078 2076 AppMgmt - ok
22:05:15.0093 2076 asc - ok
22:05:15.0093 2076 asc3350p - ok
22:05:15.0109 2076 asc3550 - ok
22:05:15.0125 2076 [ 663F2FB92608073824EE3106886120F3 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
22:05:15.0140 2076 AsIO - ok
22:05:15.0250 2076 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:05:15.0250 2076 aspnet_state - ok
22:05:15.0265 2076 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:05:15.0281 2076 AsyncMac - ok
22:05:15.0296 2076 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:05:15.0296 2076 atapi - ok
22:05:15.0328 2076 [ CBA10ED5A5981FE6122B6E7460DF939B ] AtcL002 C:\WINDOWS\system32\DRIVERS\l251x86.sys
22:05:15.0328 2076 AtcL002 - ok
22:05:15.0343 2076 Atdisk - ok
22:05:15.0359 2076 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:05:15.0359 2076 Atmarpc - ok
22:05:15.0390 2076 [ C7AB88BA43DEF89BD353811169AB4FE3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:05:15.0390 2076 AudioSrv - ok
22:05:15.0421 2076 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:05:15.0421 2076 audstub - ok
22:05:15.0515 2076 [ B2B3FCBA37671C853879DF7DDE8A839A ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
22:05:15.0515 2076 AVP - ok
22:05:15.0562 2076 [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
22:05:15.0562 2076 AxAutoMntSrv - ok
22:05:15.0593 2076 [ A2ECECE11639FEA1CCB66D853451F7E2 ] BazisVirtualCDBus C:\WINDOWS\system32\DRIVERS\BazisVirtualCDBus.sys
22:05:15.0593 2076 BazisVirtualCDBus - ok
22:05:15.0625 2076 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:05:15.0625 2076 Beep - ok
22:05:15.0656 2076 [ E8367773660B9BEA240A124C1D7F3484 ] BITS C:\WINDOWS\system32\qmgr.dll
22:05:15.0687 2076 BITS - ok
22:05:15.0703 2076 [ EDCABA18D43D2762D61BB1EE8D664B72 ] Browser C:\WINDOWS\System32\browser.dll
22:05:15.0718 2076 Browser - ok
22:05:15.0718 2076 catchme - ok
22:05:15.0750 2076 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:05:15.0750 2076 cbidf2k - ok
22:05:15.0781 2076 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:05:15.0781 2076 CCDECODE - ok
22:05:15.0781 2076 cd20xrnt - ok
22:05:15.0812 2076 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:05:15.0812 2076 Cdaudio - ok
22:05:15.0828 2076 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:05:15.0828 2076 Cdfs - ok
22:05:15.0875 2076 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:05:15.0875 2076 Cdrom - ok
22:05:15.0890 2076 [ B9F8223F5EDBDCB089969AEC5406D95A ] cfadisk C:\WINDOWS\system32\DRIVERS\cfadisk.sys
22:05:15.0890 2076 cfadisk - ok
22:05:15.0921 2076 [ BDF639BEE30F63E13202CC502E6B2C8A ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:05:15.0921 2076 CiSvc - ok
22:05:15.0937 2076 [ 70EEEA0B82B162D20C38D80869284A5A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:05:15.0937 2076 ClipSrv - ok
22:05:15.0984 2076 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:05:15.0984 2076 clr_optimization_v2.0.50727_32 - ok
22:05:16.0015 2076 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:05:16.0015 2076 clr_optimization_v4.0.30319_32 - ok
22:05:16.0046 2076 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:05:16.0046 2076 CmBatt - ok
22:05:16.0046 2076 CmdIde - ok
22:05:16.0062 2076 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:05:16.0062 2076 Compbatt - ok
22:05:16.0062 2076 COMSysApp - ok
22:05:16.0078 2076 Cpqarray - ok
22:05:16.0093 2076 cpuz130 - ok
22:05:16.0125 2076 cpuz136 - ok
22:05:16.0171 2076 [ EF329F898FE62AB647F62A94EA89964E ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:05:16.0171 2076 CryptSvc - ok
22:05:16.0171 2076 dac2w2k - ok
22:05:16.0187 2076 dac960nt - ok
22:05:16.0218 2076 [ F283F02F93266F3F8F61F0CDE2F1CB20 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:05:16.0234 2076 DcomLaunch - ok
22:05:16.0281 2076 [ 8D8BC91B40CB413BF54B5154CB1F52DA ] DCSPGSRV C:\Program Files\ProcessGuard\dcsuserprot.exe
22:05:16.0312 2076 DCSPGSRV - ok
22:05:16.0343 2076 [ 9B1ABA1F15F97AFAAD54597B8801C3C5 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:05:16.0343 2076 Dhcp - ok
22:05:16.0359 2076 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:05:16.0359 2076 Disk - ok
22:05:16.0375 2076 dmadmin - ok
22:05:16.0406 2076 [ 759A1336055E6B614B2462D0F45D6278 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:05:16.0421 2076 dmboot - ok
22:05:16.0453 2076 [ 8CA1A6932D84B2C23D5D488D23D3B01D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:05:16.0453 2076 dmio - ok
22:05:16.0468 2076 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:05:16.0468 2076 dmload - ok
22:05:16.0484 2076 [ 5583A600AB718485E91B0A503157141E ] dmserver C:\WINDOWS\System32\dmserver.dll
22:05:16.0484 2076 dmserver - ok
22:05:16.0500 2076 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:05:16.0500 2076 DMusic - ok
22:05:16.0546 2076 [ 515C0419254D9C037AA967FC5AB429D5 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:05:16.0546 2076 Dnscache - ok
22:05:16.0562 2076 [ CFBDAA2546E9E828B370014191311CDB ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:05:16.0562 2076 Dot3svc - ok
22:05:16.0562 2076 dpti2o - ok
22:05:16.0578 2076 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:05:16.0578 2076 drmkaud - ok
22:05:16.0593 2076 [ 19898FF0D88EECCCDF56F2F49557E457 ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:05:16.0593 2076 EapHost - ok
22:05:16.0625 2076 [ B83BDCCBACB65BAA9E20888DD0083A16 ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:05:16.0640 2076 ElbyCDIO - ok
22:05:16.0671 2076 [ 16EBD8BF1D5090923694CC972C7CE1B4 ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
22:05:16.0671 2076 ENTECH - ok
22:05:16.0687 2076 [ CD69DB1378EBCA466A06FF63FE611165 ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:05:16.0687 2076 ERSvc - ok
22:05:16.0718 2076 [ D45A62D065043DB325A301ABD88ECC95 ] Eventlog C:\WINDOWS\system32\services.exe
22:05:16.0734 2076 Eventlog - ok
22:05:16.0781 2076 [ 51BACCDDDFC6D6C6DF18C6A1C23E3D36 ] EventSystem C:\WINDOWS\system32\es.dll
22:05:16.0781 2076 EventSystem - ok
22:05:16.0812 2076 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:05:16.0812 2076 Fastfat - ok
22:05:16.0859 2076 [ DA5DEAB0AA202EEBC14BDDECB39F624B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:05:16.0859 2076 FastUserSwitchingCompatibility - ok
22:05:16.0890 2076 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:05:16.0890 2076 Fdc - ok
22:05:16.0921 2076 [ 093913A016845FE257ED9B7FC8E28ED8 ] FileDisk C:\WINDOWS\system32\drivers\FileDisk.sys
22:05:16.0921 2076 FileDisk - ok
22:05:16.0937 2076 [ 11BB3067883475F2ECBB77C01181E2D5 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:05:16.0937 2076 Fips - ok
22:05:16.0984 2076 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:05:16.0984 2076 Flpydisk - ok
22:05:17.0000 2076 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:05:17.0000 2076 FltMgr - ok
22:05:17.0062 2076 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:05:17.0062 2076 FontCache3.0.0.0 - ok
22:05:17.0093 2076 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:05:17.0093 2076 Fs_Rec - ok
22:05:17.0109 2076 [ EDF3126968525A17DE8B382AEC99CDCC ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:05:17.0125 2076 Ftdisk - ok
22:05:17.0125 2076 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:05:17.0125 2076 Gpc - ok
22:05:17.0171 2076 [ D95554949082FD29A04D351B58396718 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
22:05:17.0187 2076 Hardlock - ok
22:05:17.0187 2076 hasplms - ok
22:05:17.0234 2076 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
22:05:17.0234 2076 Haspnt - ok
22:05:17.0265 2076 [ B6F5AC88A1A1FDD802CB689721D640FE ] hcmon C:\WINDOWS\system32\drivers\hcmon.sys
22:05:17.0265 2076 hcmon - ok
22:05:17.0281 2076 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:05:17.0281 2076 HDAudBus - ok
22:05:17.0328 2076 [ F0C533D0A00C4291B324D3E5EDD7BA3B ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:05:17.0328 2076 helpsvc - ok
22:05:17.0343 2076 HidServ - ok
22:05:17.0375 2076 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:05:17.0375 2076 HidUsb - ok
22:05:17.0406 2076 [ 94C17F4C36A06945CC245C8392D060EA ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:05:17.0406 2076 hkmsvc - ok
22:05:17.0406 2076 hpn - ok
22:05:17.0453 2076 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:05:17.0453 2076 HTTP - ok
22:05:17.0500 2076 [ F53C9ED88A7496C96A54F84ED5ED1B64 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:05:17.0500 2076 HTTPFilter - ok
22:05:17.0500 2076 i2omp - ok
22:05:17.0515 2076 [ 97EEF4179F7EC9138254C944BB0E1EF8 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:05:17.0515 2076 i8042prt - ok
22:05:17.0640 2076 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:05:17.0750 2076 ialm - ok
22:05:17.0812 2076 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:05:17.0843 2076 idsvc - ok
22:05:17.0843 2076 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:05:17.0843 2076 Imapi - ok
22:05:17.0875 2076 [ AF6FE1EA2C9C4ADED73DFBCE677B0880 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:05:17.0875 2076 ImapiService - ok
22:05:17.0890 2076 ini910u - ok
22:05:18.0015 2076 [ A7564CC4E170F1E5B84BAE6BB8C5F16E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:05:18.0093 2076 IntcAzAudAddService - ok
22:05:18.0125 2076 [ CDCF5B204C1BEBA219005C3F34C98DBB ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:05:18.0125 2076 IntelIde - ok
22:05:18.0171 2076 [ F2FCD248738A7F5FB2857341832591A6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:05:18.0171 2076 intelppm - ok
22:05:18.0187 2076 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:05:18.0187 2076 Ip6Fw - ok
22:05:18.0203 2076 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:05:18.0203 2076 IpFilterDriver - ok
22:05:18.0218 2076 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:05:18.0234 2076 IpInIp - ok
22:05:18.0250 2076 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:05:18.0250 2076 IpNat - ok
22:05:18.0281 2076 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:05:18.0281 2076 IPSec - ok
22:05:18.0312 2076 [ 112FD55EEDF9C09E1916F85D4AEA6F4B ] IPSecVPN C:\WINDOWS\system32\DRIVERS\IPSecVPN.sys
22:05:18.0312 2076 IPSecVPN - ok
22:05:18.0343 2076 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:05:18.0359 2076 IRENUM - ok
22:05:18.0375 2076 [ E058A0E262C184F4D47A7677291AC81E ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:05:18.0375 2076 isapnp - ok
22:05:18.0390 2076 [ 96F2F5884D02535E2D4DFC849836F4A6 ] ISODisk C:\WINDOWS\system32\drivers\ISODisk.sys
22:05:18.0390 2076 ISODisk - ok
22:05:18.0421 2076 [ 2F03CEB28307983F3B36216D35FFA5AA ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
22:05:18.0421 2076 ISODrive - ok
22:05:18.0484 2076 [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:05:18.0484 2076 JavaQuickStarterService - ok
22:05:18.0515 2076 [ 119AB8740BACB9F1108F4DD02294569D ] jrdusbser C:\WINDOWS\system32\DRIVERS\jrdusbser.sys
22:05:18.0515 2076 jrdusbser - ok
22:05:18.0546 2076 [ E05FD8A6F54F4FD6F628B48C0CCEE2A4 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:05:18.0546 2076 Kbdclass - ok
22:05:18.0578 2076 [ 94D67D49BD9503BB1D838405D80F2058 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
22:05:18.0578 2076 KL1 - ok
22:05:18.0593 2076 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
22:05:18.0593 2076 kl2 - ok
22:05:18.0625 2076 [ 44EC6B3DBE167C7FA818F9918D2CBF22 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
22:05:18.0640 2076 KLIF - ok
22:05:18.0671 2076 [ 8D6E11BFA9927978D25B1B8029554F07 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
22:05:18.0671 2076 klim5 - ok
22:05:18.0671 2076 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
22:05:18.0671 2076 klmouflt - ok
22:05:18.0703 2076 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:05:18.0718 2076 kmixer - ok
22:05:18.0750 2076 [ 17CCD0462B5B8B6B8460AC40607A63AA ] KProcessHacker2 C:\Program Files\Process Hacker 2\kprocesshacker.sys
22:05:18.0750 2076 KProcessHacker2 - ok
22:05:18.0781 2076 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:05:18.0781 2076 KSecDD - ok
22:05:18.0796 2076 [ 611865D1AEE0E9BF7AF0F8B3F005E3F3 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
22:05:18.0796 2076 LanmanServer - ok
22:05:18.0828 2076 [ A8CD80347977C24CB09000D465D415AE ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:05:18.0843 2076 LanmanWorkstation - ok
22:05:18.0859 2076 [ B04F7B1F2E84D8C58250600A7F2426DE ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:05:18.0875 2076 LmHosts - ok
22:05:18.0906 2076 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
22:05:18.0906 2076 MBAMProtector - ok
22:05:18.0953 2076 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:05:18.0968 2076 MDM - ok
22:05:19.0000 2076 [ 51A8673170676956EB445503AF5E6F39 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:05:19.0000 2076 Messenger - ok
22:05:19.0031 2076 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:05:19.0031 2076 mnmdd - ok
22:05:19.0062 2076 [ 524357459B21A4ACB6F192F9C2C6A5BF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:05:19.0078 2076 mnmsrvc - ok
22:05:19.0093 2076 [ C8088F5CEAE5784A8B4ADDD9355EF247 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:05:19.0093 2076 Modem - ok
22:05:19.0156 2076 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
22:05:19.0187 2076 Monfilt - ok
22:05:19.0203 2076 [ 57C0574C8B9A26092EC301F88861919C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:05:19.0218 2076 Mouclass - ok
22:05:19.0234 2076 [ 67D4FCCCF487A1D4277AB31151E33D42 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:05:19.0234 2076 mouhid - ok
22:05:19.0265 2076 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:05:19.0265 2076 MountMgr - ok
22:05:19.0265 2076 mraid35x - ok
22:05:19.0312 2076 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:05:19.0312 2076 MRxDAV - ok
22:05:19.0328 2076 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:05:19.0328 2076 MRxSmb - ok
22:05:19.0359 2076 [ D39EABF2D29FB80DD1F477F358218E5D ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:05:19.0359 2076 MSDTC - ok
22:05:19.0390 2076 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:05:19.0390 2076 Msfs - ok
22:05:19.0390 2076 MSIServer - ok
22:05:19.0421 2076 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:05:19.0421 2076 MSKSSRV - ok
22:05:19.0453 2076 [ 64E8B7C65EB4796939C0F64F8170821B ] msloop C:\WINDOWS\system32\DRIVERS\loop.sys
22:05:19.0453 2076 msloop - ok
22:05:19.0484 2076 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:05:19.0484 2076 MSPCLOCK - ok
22:05:19.0500 2076 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:05:19.0500 2076 MSPQM - ok
22:05:19.0531 2076 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:05:19.0531 2076 mssmbios - ok
22:05:19.0546 2076 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:05:19.0546 2076 MSTEE - ok
22:05:19.0578 2076 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:05:19.0578 2076 MTsensor - ok
22:05:19.0609 2076 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:05:19.0609 2076 Mup - ok
22:05:19.0625 2076 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:05:19.0640 2076 NABTSFEC - ok
22:05:19.0656 2076 [ 92FF1A7CF55EBF74D389AA6EFDC122FA ] napagent C:\WINDOWS\System32\qagentrt.dll
22:05:19.0671 2076 napagent - ok
22:05:19.0703 2076 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:05:19.0703 2076 NDIS - ok
22:05:19.0750 2076 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:05:19.0750 2076 NdisIP - ok
22:05:19.0781 2076 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:05:19.0781 2076 NdisTapi - ok
22:05:19.0812 2076 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:05:19.0812 2076 Ndisuio - ok
22:05:19.0828 2076 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:05:19.0828 2076 NdisWan - ok
22:05:19.0859 2076 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:05:19.0859 2076 NDProxy - ok
22:05:19.0890 2076 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:05:19.0890 2076 NetBIOS - ok
22:05:19.0921 2076 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:05:19.0921 2076 NetBT - ok
22:05:19.0953 2076 [ D649FF470800BD2A34C6AAC051514211 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:05:19.0953 2076 NetDDE - ok
22:05:19.0953 2076 [ D649FF470800BD2A34C6AAC051514211 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:05:19.0968 2076 NetDDEdsdm - ok
22:05:20.0000 2076 [ 673640E09DD7B7125ED82210B7DC311A ] Netlogon C:\WINDOWS\system32\lsass.exe
22:05:20.0000 2076 Netlogon - ok
22:05:20.0031 2076 [ 0BFA2A7D8200F5638AB8091FE12F54D6 ] Netman C:\WINDOWS\System32\netman.dll
22:05:20.0031 2076 Netman - ok
22:05:20.0062 2076 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:05:20.0062 2076 NetTcpPortSharing - ok
22:05:20.0093 2076 [ 6AE8FF2BC640943DF7897F5734C04F27 ] Nla C:\WINDOWS\System32\mswsock.dll
22:05:20.0093 2076 Nla - ok
22:05:20.0140 2076 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
22:05:20.0140 2076 NPF - ok
22:05:20.0171 2076 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:05:20.0171 2076 Npfs - ok
22:05:20.0171 2076 NSNDIS5 - ok
22:05:20.0218 2076 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:05:20.0234 2076 Ntfs - ok
22:05:20.0234 2076 [ 673640E09DD7B7125ED82210B7DC311A ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:05:20.0234 2076 NtLmSsp - ok
22:05:20.0250 2076 [ 98FE9C7F4E219606AC0171E0A3477DDF ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:05:20.0281 2076 NtmsSvc - ok
22:05:20.0312 2076 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:05:20.0312 2076 Null - ok
22:05:27.0078 2076 ============================================================
22:05:27.0078 2076 Scan finished
22:05:27.0078 2076 ============================================================
22:05:27.0078 2676 Detected object count: 0
22:05:27.0078 2676 Actual detected object count: 0

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 10th, 2013, 3:37 pm

I have another problem, with two programs for converting music from CD.
When I close them I get an error,
even though the programs themselves work properly.
The programs are:
Exact Audio Copy
CDex

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 10th, 2013, 7:23 pm

Greetings sh770p,

You may have a problem with the kernel of the Operating System.

Please run the following:

RogueKiller
Please download RogueKiller.exe ... by Tigzy and save it to your desktop.
An alternate download can be found here.
Note: If malware prevents execution, you may try executing the program several times. If unsuccessful, rename the program to winlogon.exe.
  1. Close all open windows, quit all running programs.
  2. Double click RogueKiller.exe to run it.
  3. When the pre-scan finishes... press the Scan button.
  4. When the scan is finished, a file named RKreport.txt should appear on your desktop.
  5. Please copy and paste the contents of the RKreport.txt file in your next reply.

wbg

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 11th, 2013, 12:57 pm

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : sh770 [Admin rights]
Mode : Scan -- Date : 08/11/2013 19:49:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 5 ¤¤¤
[Administrator][SUSP UNIC] Install LastPass IE RunOnce.lnk : C:\Documents and Settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk @C:\Program Files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [-][7][x] -> FOUND
[eMule_Secure][SUSP UNIC] Install LastPass IE RunOnce.lnk : C:\Documents and Settings\eMule_Secure\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk @C:\Program Files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [-][7][x] -> FOUND
[Guest][SUSP UNIC] Install LastPass IE RunOnce.lnk : C:\Documents and Settings\Guest\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk @C:\Program Files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [-][7][x] -> FOUND
[sh770][SUSP UNIC] Dropbox.lnk : C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk @C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe [-][7] -> FOUND
[sh770][SUSP UNIC] Mozilla Firefox.lnk : C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Mozilla Firefox.lnk @C:\Program Files\Mozilla Firefox\firefox.exe -p sh [-][7] -> FOUND

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] yt5kxeg9.default : user_pref("network.proxy.hxxp", "localhost"); -> FOUND
[FF][PROXY] yt5kxeg9.default : user_pref("network.proxy.hxxp_port", 9666); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\sh770\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\sh770\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - F:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-00VTA0 +++++
--- User ---
[MBR] 25df380186d86583e64169f9d7a5927f
[BSP] 3dfe49d4197a50e59798adcbd9859f7a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51199 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 104856316 | Size: 187273 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500AAJS-00VTA0 +++++
--- User ---
[MBR] 4c19bd06850636eb9d96c995fba6725d
[BSP] 74e22e835f7c3a63091ea3cda7b0e701 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08112013_194927.txt >>

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 12th, 2013, 12:07 am

Hi sh770p,

Which partitions are boot partitions?
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 12.458 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 3.683 GiB free.
E: is FIXED (NTFS) - 33 GiB total, 1.955 GiB free.
F: is FIXED (NTFS) - 44 GiB total, 19.855 GiB free.
G: is FIXED (NTFS) - 6 GiB total, 5.261 GiB free.
H: is CDROM ()
W: is FIXED (NTFS) - 932 GiB total, 10.144 GiB free.

Ubuntu is installed. This is another operating system.

Drive F shows characteristics of being a boot drive.

VistaBootPRO 3.3 is installed. This is a multiple boot program for Windows Operating systems.


Step 1.
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Answer about multiple booting drives.
  2. Contents of OTL.txt log.
  3. Contents of Extras.txt log.
  4. Any problem executing the instructions?
Thank you,
wbg

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 12th, 2013, 11:00 am

The system's boot drive is C.
I have several operating systems on the PC:
Ubuntu and Windows 7 on drive F.
The problem is only on XP, which I use normally.

I am using Google Translate to answer; I hope my response is understandable.


OTL logfile created on: 12/08/2013 17:32:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.14% Memory free
4.82 Gb Paging File | 3.43 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 11.92 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.65 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 19.86 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.26 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 10.14 Gb Free Space | 1.09% Space Free | Partition Type: NTFS

Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
PRC - [2013/08/07 16:46:13 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/24 01:57:42 | 002,251,360 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2008/07/25 14:22:50 | 000,267,287 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
PRC - [2008/07/25 14:11:58 | 000,120,832 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe
PRC - [2008/04/14 15:00:00 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/11 20:58:56 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\winamp.lng
MOD - [2013/08/11 20:58:56 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\burnlib.lng
MOD - [2013/08/11 20:58:56 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\dsp_sps.lng
MOD - [2013/08/11 20:58:56 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_aacplus.lng
MOD - [2013/08/11 20:58:56 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_wma.lng
MOD - [2013/08/11 20:58:56 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_lame.lng
MOD - [2013/08/11 20:58:56 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_vorbis.lng
MOD - [2013/08/11 20:58:56 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_flac.lng
MOD - [2013/08/11 20:58:56 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_wav.lng
MOD - [2013/08/11 20:58:55 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\vis_avs.lng
MOD - [2013/08/11 20:58:55 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_pmp.lng
MOD - [2013/08/11 20:58:55 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_ds.lng
MOD - [2013/08/11 20:58:55 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_wire.lng
MOD - [2013/08/11 20:58:55 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_playlists.lng
MOD - [2013/08/11 20:58:55 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_usb.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\vis_nsfs.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_wave.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_plg.lng
MOD - [2013/08/11 20:58:55 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_transcode.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\tagz.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_ipod.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_disk.lng
MOD - [2013/08/11 20:58:55 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_rg.lng
MOD - [2013/08/11 20:58:55 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_p4s.lng
MOD - [2013/08/11 20:58:55 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_activesync.lng
MOD - [2013/08/11 20:58:55 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_njb.lng
MOD - [2013/08/11 20:58:54 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_local.lng
MOD - [2013/08/11 20:58:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_disc.lng
MOD - [2013/08/11 20:58:54 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_wm.lng
MOD - [2013/08/11 20:58:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_vorbis.lng
MOD - [2013/08/11 20:58:54 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_autotag.lng
MOD - [2013/08/11 20:58:54 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_history.lng
MOD - [2013/08/11 20:58:54 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_online.lng
MOD - [2013/08/11 20:58:54 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_bookmarks.lng
MOD - [2013/08/11 20:58:54 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_dash.lng
MOD - [2013/08/11 20:58:54 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_wave.lng
MOD - [2013/08/11 20:58:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_orb.lng
MOD - [2013/08/11 20:58:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_nowplaying.lng
MOD - [2013/08/11 20:58:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mp3.lng
MOD - [2013/08/11 20:58:53 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_midi.lng
MOD - [2013/08/11 20:58:53 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mod.lng
MOD - [2013/08/11 20:58:53 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_ml.lng
MOD - [2013/08/11 20:58:53 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_nsv.lng
MOD - [2013/08/11 20:58:53 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_cdda.lng
MOD - [2013/08/11 20:58:53 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_hotkeys.lng
MOD - [2013/08/11 20:58:53 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_tray.lng
MOD - [2013/08/11 20:58:53 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_dshow.lng
MOD - [2013/08/11 20:58:53 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_flac.lng
MOD - [2013/08/11 20:58:53 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mp4.lng
MOD - [2013/08/11 20:58:53 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_linein.lng
MOD - [2013/08/11 20:58:52 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_ff.lng
MOD - [2013/08/11 20:58:52 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_crasher.lng
MOD - [2013/08/07 16:46:12 | 003,534,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/18 08:14:53 | 016,166,280 | ---- | M] () -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/01/15 18:59:46 | 000,106,304 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
MOD - [2013/01/15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012/11/21 07:26:34 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012/06/29 14:53:22 | 000,335,872 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_mixer.dll
MOD - [2012/06/29 14:53:21 | 000,869,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_dropbox.dll
MOD - [2012/01/29 13:54:40 | 000,408,576 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2012/01/20 11:55:04 | 000,427,520 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2010/10/05 21:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
MOD - [2010/07/05 00:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/18 08:14:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 14:28:42 | 000,129,112 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/07/08 14:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/03/13 23:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) [On_Demand | Stopped] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 02:54:34 | 013,242,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/01/05 18:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/06/25 20:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\system32\hasplms.exe -- (hasplms)
SRV - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\DCSUserProt.exe -- (DCSPGSRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VNic.sys -- (VNic)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ulink.sys -- (Usblink)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/07/08 14:28:40 | 000,159,208 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013/06/24 19:13:12 | 000,158,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\snapman.sys -- (snapman)
DRV - [2013/05/19 14:04:42 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/29 22:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/02/26 03:29:02 | 000,034,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2013/02/26 03:28:26 | 000,024,272 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2013/02/26 03:28:06 | 000,026,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2013/02/26 03:28:04 | 000,062,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2013/02/26 03:27:46 | 000,026,064 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2013/02/26 03:27:46 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/12/20 19:11:38 | 000,026,624 | ---- | M] (wj32) [Kernel | System | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2012/12/19 21:04:16 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/12/06 01:55:03 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/24 15:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 15:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 17:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/08/01 21:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/13 16:49:30 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/05/02 17:50:14 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2012/05/02 17:44:38 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/08 21:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011/07/12 10:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/09/01 16:07:24 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/27 16:04:42 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/08/06 23:45:28 | 000,907,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/06/25 20:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/21 20:34:12 | 000,827,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/10/17 07:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/07/25 14:33:06 | 000,026,688 | ---- | M] (DiamondCS) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\procguard.sys -- (procguard)
DRV - [2008/01/19 00:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/19 03:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2005/11/03 10:46:43 | 000,390,379 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/04 22:11:40 | 000,013,654 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\IPSecVPN.sys -- (IPSecVPN)
DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cfadisk.sys -- (cfadisk)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes,DefaultScope = {A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}: "URL" = http://www.google.co.il/search?hl=iw&q={searchTerms}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.context.loadInBackground: true
FF - prefs.js..browser.search.defaultenginename: "גוגל • חיפוש מוצפן"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "גוגל • חיפוש מוצפן"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: optimizegoogle%40optimizegoogle.com:0.79.1
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.1pre.130809a
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "https://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9151/"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9150
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: d:\FirefoxPortable ols\App\Firefox\components [2013/07/15 23:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: d:\FirefoxPortable ols\App\Firefox\plugins [2013/07/25 01:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/07 16:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/07 16:46:02 | 000,000,000 | ---D | M]

[2013/07/15 23:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Extensions
[2013/07/03 00:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions
[2013/07/02 18:36:39 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\ascsurfingprotection@iobit.com
[2012/07/26 18:37:03 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\support@lastpass.com
[2013/08/10 20:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions
[2013/06/16 20:03:19 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/04/17 12:34:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/11/25 16:28:28 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx
[2013/02/10 22:55:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\support@lastpass.com
[2013/07/02 19:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions
[2013/07/02 19:55:04 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\support@lastpass.com
[2013/07/02 18:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions
[2013/07/02 18:36:40 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ascsurfingprotection@iobit.com
[2012/07/15 23:18:19 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ietab@ip.cn
[2013/06/17 18:13:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\support@lastpass.com
[2013/07/02 18:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/07/14 23:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2013/07/02 18:36:41 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\ascsurfingprotection@iobit.com
[2012/07/14 23:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\mintrayr@tn123.ath.cx
[2012/07/14 23:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\support@lastpass.com
[2013/06/17 19:03:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/04 11:37:59 | 000,119,515 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/07/16 00:31:55 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/08/23 21:36:31 | 000,024,018 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\customization@adblockplus.org.xpi
[2012/07/15 20:48:21 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/07/15 17:20:55 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/10/10 17:22:54 | 000,042,737 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013/07/31 22:01:48 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 17:20:55 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/08/10 20:37:38 | 000,815,640 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/08/04 11:37:59 | 000,275,449 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/12 02:13:23 | 000,402,344 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/11/27 18:17:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 23:08:35 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\elemhidehelper@adblockplus.org.xpi
[2013/06/17 18:22:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/12 22:43:47 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/07/06 00:12:19 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/04/22 12:53:32 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/06/22 00:33:29 | 000,061,700 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2012/07/04 09:21:17 | 000,743,290 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/20 10:02:17 | 000,697,058 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/07/08 22:29:00 | 000,324,741 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/07/15 22:30:52 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\---.xml
[2013/06/12 06:20:09 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo-tor.xml
[2013/07/12 00:31:38 | 000,010,316 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo.xml
[2013/02/10 01:45:59 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\firefox-add-ons.xml
[2012/11/25 20:05:15 | 000,005,598 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl-1.xml
[2012/11/25 20:03:10 | 000,008,215 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl.xml
[2013/08/11 20:43:51 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\ixquick-https.xml
[2013/08/11 20:43:51 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\startpage-https.xml
[2013/02/10 01:46:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\the-pirate-bay.xml
[2013/08/07 16:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/07 16:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/05 02:31:44 | 000,000,027 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-18..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - Startup: C:\Documents and Settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\eMule_Secure\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Guest\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O8 - Extra context menu item: הוסף לאנטי באנר - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 3952319953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2371633937 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 02:01:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:51 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:54 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:02:01 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:53 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:49 | 000,000,000 | RHSD | M] - W:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2842/08/08 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\open-in-default-browser
[2013/08/12 17:29:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/11 19:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\RK_Quarantine
[2013/08/11 16:27:14 | 027,889,069 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\sh770\שולחן העבודה\tor-browser-2.3.25-11_en-US.exe
[2013/08/10 23:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\RMPrepUSB
[2013/08/10 23:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\RMPrepUSB Full v2.1.709
[2013/08/10 22:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-iso
[2013/08/10 22:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-usb.img
[2013/08/10 22:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-usb
[2013/08/10 21:45:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/09 12:46:47 | 000,000,000 | ---D | C] -- d:\uTorrentPortable
[2013/08/07 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Defraggler
[2013/08/07 16:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\TeamViewer 8
[2013/08/07 16:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/08/07 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/06 00:37:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/05 16:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\CDex
[2013/08/05 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2013/08/05 09:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\CDex
[2013/08/05 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\CDex_150
[2013/08/05 09:41:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/05 09:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\SafeBoot
[2013/08/05 06:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/08/05 01:52:31 | 000,000,000 | R--D | C] -- d:\My Videos
[2013/08/05 01:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2013/08/04 22:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Remove Toolbar Buddy
[2013/08/04 22:48:39 | 001,140,728 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,587,768 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,509,944 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 002,717,688 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 001,906,680 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.Ocx
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Scorpio Software
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scorpio Software
[2013/07/29 15:43:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2013/07/29 15:43:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2013/07/29 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/07/29 15:02:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/07/29 15:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/07/29 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2013/07/27 22:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/24 23:59:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\sh770\UserData
[2013/07/21 21:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/21 14:20:01 | 000,000,000 | ---D | C] -- d:\My Music
[2013/07/19 00:16:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/19 00:16:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/19 00:16:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/19 00:16:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/18 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/18 14:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Kaluach3
[2013/07/18 14:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Application Data\pdfforge
[2013/07/17 13:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Toolkit
[2013/07/16 00:06:48 | 000,000,000 | ---D | C] -- d:\FirefoxPortable
[2010/01/12 01:37:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\sh770\Application Data\pcouffin.sys
[2009/09/17 18:26:41 | 006,221,896 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/12 17:30:18 | 000,126,632 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2013/08/12 17:30:07 | 002,811,520 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/12 17:27:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/11 16:28:49 | 027,889,069 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\sh770\שולחן העבודה\tor-browser-2.3.25-11_en-US.exe
[2013/08/11 16:17:53 | 000,920,576 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/11 08:40:12 | 000,710,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/11 08:40:12 | 000,587,246 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2013/08/11 08:40:12 | 000,132,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/11 08:40:12 | 000,132,250 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2013/08/11 08:35:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/11 08:35:40 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/11 01:47:11 | 000,004,783 | ---- | M] () -- C:\menu.lst
[2013/08/11 00:58:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/10 22:27:11 | 000,024,176 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/10 21:45:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/10 20:36:32 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/09 13:32:02 | 000,000,964 | ---- | M] () -- C:\WINDOWS\Kaluach3.INI
[2013/08/08 19:40:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/07 18:26:07 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/05 10:25:40 | 000,000,124 | ---- | M] () -- d:\ax_files.xml
[2013/08/05 02:31:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/05 01:53:13 | 000,000,248 | ---- | M] () -- d:\Ammyy_Contact_Book.bin
[2013/08/04 01:35:47 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk
[2013/08/01 22:04:52 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/07/30 19:06:13 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2013/07/30 12:14:29 | 000,167,274 | ---- | M] () -- C:\WinVBlock.IMG.gz
[2013/07/29 13:26:12 | 000,125,270 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\רוטשילד.png
[2013/07/28 23:03:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Microsoft\Internet Explorer\Quick Launch\Process Hacker 2.lnk
[2013/07/21 11:50:11 | 000,082,021 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-5 מהלך שנת הלימודים במגזר היהודי בשנת הלימודים התשע_ד (לוח החופשות, החגים והימים המיוחדים).pdf
[2013/07/21 11:50:05 | 000,078,168 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-9 לוח החופשות בחינוך החרדי בשנה_ל התשע_ד.pdf
[2013/07/19 00:16:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/19 00:16:12 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/19 00:16:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/19 00:16:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/19 00:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/19 00:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/19 00:16:12 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/18 08:14:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/18 08:14:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/17 17:17:29 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/14 00:59:16 | 000,002,930 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/07/13 23:25:02 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות קוואקר בלי מרגרינה (אבל עם המון זיכרונות).URL
[2013/07/13 23:24:50 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות שוקולד צ'יפס ללא מרגרינה.URL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/11 16:17:37 | 000,920,576 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/10 22:27:10 | 000,024,176 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/08 19:40:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/07 10:02:39 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/01 22:04:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/08/01 22:03:20 | 000,000,025 | ---- | C] () -- d:\popcinfot.dat
[2013/07/30 22:20:01 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\gcapi_dll.dll
[2013/07/30 12:14:27 | 000,167,274 | ---- | C] () -- C:\WinVBlock.IMG.gz
[2013/07/29 16:16:11 | 000,175,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/29 13:26:11 | 000,125,270 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\רוטשילד.png
[2013/07/21 19:36:50 | 000,000,124 | ---- | C] () -- d:\ax_files.xml
[2013/07/21 11:50:10 | 000,082,021 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-5 מהלך שנת הלימודים במגזר היהודי בשנת הלימודים התשע_ד (לוח החופשות, החגים והימים המיוחדים).pdf
[2013/07/21 11:49:56 | 000,078,168 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-9 לוח החופשות בחינוך החרדי בשנה_ל התשע_ד.pdf
[2013/07/13 23:25:02 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות קוואקר בלי מרגרינה (אבל עם המון זיכרונות).URL
[2013/07/13 23:24:50 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות שוקולד צ'יפס ללא מרגרינה.URL
[2013/06/13 17:06:06 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\sh770\.rnd
[2013/05/09 19:18:44 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/05 21:38:03 | 000,013,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPSecVPN.sys
[2013/04/25 17:10:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\sh770\.recently-used.xbel
[2013/02/07 02:04:45 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\sh770\ntuser.pol
[2012/12/27 22:25:00 | 000,302,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/19 21:05:51 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/12/19 21:05:51 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/09/24 06:17:01 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2012/08/21 18:28:22 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\sh770\SecurityKISSTunnel.config
[2012/07/04 19:57:11 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\sh770\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 18:03:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Macro.ini
[2012/06/05 18:49:54 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\sh770\.swfinfo
[2012/05/31 14:49:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/02 17:56:21 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\F4273C6D.bin
[2012/05/02 17:50:14 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2012/05/02 17:48:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdsuinst.exe
[2012/05/02 17:44:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012/02/15 21:40:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 22:57:38 | 000,002,930 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/01/30 18:27:29 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/10/05 19:54:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/04/08 01:44:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2011/03/12 23:44:45 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/03 21:50:10 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/16 21:30:29 | 034,516,576 | ---- | C] () -- C:\Documents and Settings\sh770\ff_ppz_1266345016343.ppz
[2010/01/12 01:37:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.cat
[2010/01/12 01:37:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.inf
[2009/08/31 23:30:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\PUTTY.RND
[2009/08/28 00:09:47 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\sh770\.jupload.properties
[2009/06/16 22:05:03 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/06/02 16:24:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 02:11:17 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:53:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\sh770\שולחן העבודה\תשרי בליובביץ חלק ראשון.mp4:SummaryInformation
@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >

OTL Extras logfile created on: 12/08/2013 17:32:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.14% Memory free
4.82 Gb Paging File | 3.43 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 11.92 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.65 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 19.86 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.26 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 10.14 Gb Free Space | 1.09% Space Free | Partition Type: NTFS

Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP פורט 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP פורט 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP פורט 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP פורט 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP פורט 37675
"1947:TCP" = 1947:TCP:*:Disabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Disabled:HASP SRM
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ammyy Admin\AA_v3.exe" = C:\Program Files\Ammyy Admin\AA_v3.exe:*:Disabled:Ammyy Admin -- ()
"D:\תוכנות ארכיון\eMule0.49c\emule.exe" = D:\תוכנות ארכיון\eMule0.49c\emule.exe:*:Disabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe:*:Disabled:Kaspersky Internet Security 2011 -- (Kaspersky Lab)
"D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe" = D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe:*:Disabled:MailDB -- (Romkal)
"C:\Windows\system32\mmc.exe" = C:\Windows\system32\mmc.exe:*:Disabled:‎‎Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM -- ( )
"D:\תוכנות ארכיון\Skype Portable\Skype.exe" = D:\תוכנות ארכיון\Skype Portable\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Miranda IM\SKYPE\Skype.exe" = C:\Program Files\Miranda IM\SKYPE\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Disabled:VMware Authd Service -- (VMware, Inc.)
"C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe:*:Disabled:VMware Workstation Server -- ()
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe:*:Enabled:Replay Media Catcher 5 Torrent Module -- ()
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe:*:Enabled:Replay Media Catcher 5 QT Module -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Ammyy Admin\AA_v3.2.exe" = C:\Program Files\Ammyy Admin\AA_v3.2.exe:*:Enabled:Ammyy Admin -- ()
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe" = C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{049D548B-B724-4E16-B55E-7B78B7A28A37}" = InstEd 1.5.12.21
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.8
"{26583DDE-7506-4046-9C3A-F02852537B8A}" = Splash PRO EX
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{68880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E78471-E122-4101-8744-CEB6C5C027A0}" = Foxit PDF IFilter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{879C4951-5561-324B-B0F5-AA0864C4499E}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC35EC2-F690-3417-8175-ED16EC771126}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office
"{90120000-00B2-040D-0000-0000000FF1CE}" = תוספת שמירה בשם כ- PDF או XPS של Microsoft עבור תוכניות Microsoft Office 2007
"{90140000-0010-040D-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Hebrew) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B591BD75-2811-4D09-A590-0D06E4762F34}" = Sudoku Solver V 1.3
"{B70F9EB4-1848-4060-973B-9D9952F2D5C9}" = Responsa CD19
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49C5BB6-77AF-40EA-AD40-C54FDB05803D}" = Adobe Setup
"{F5BF6AF4-DD9C-4A2C-9B66-DED3E8FD746E}" = Acronis Backup & Recovery 11.5 Bootable Media Builder
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 2.2a
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_95e0cc74dbf32662d4445ac1ef67d56" = Adobe InDesign CS4
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"aignesamdeadlink_is1" = AM-DeadLink 4.5
"AnalogX DXMan" = AnalogX DXMan
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0.3
"AuthoringTool " = AuthoringTool 1.0.7
"BurnInTest_is1" = BurnInTest v7.0 Pro
"Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1" = Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Defraggler" = Defraggler
"DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
"Dream Aquarium" = Dream Aquarium 1.2415
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.8
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"EasyBCD" = EasyBCD 2.2
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FLAC" = FLAC 1.2.1b (remove only)
"FlashBoot_is1" = FlashBoot 2.1m
"FlashFXP" = FlashFXP
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Greatis Reanimator_is1" = RegRun Reanimator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.4
"Icons from File_is1" = Icons from File 3.4
"InfraRecorder" = InfraRecorder
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Kaluach3" = Kaluach3
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware גירסה 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Miranda IM" = Miranda IM 0.10.11
"Mozilla Firefox 22.0 (x86 he)" = Mozilla Firefox 22.0 (x86 he)
"Mozilla Firefox 23.0 (x86 he)" = Mozilla Firefox 23.0 (x86 he)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"mp3splt-gtk" = mp3splt-gtk
"Mp3tag" = Mp3tag v2.55a
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"NirSoft WirelessNetView" = NirSoft WirelessNetView
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8k Light (32-bit)
"Opera 12.16.1860" = Opera 12.16
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Process_Hacker2_is1" = Process Hacker 2.31 (r5355)
"Recuva" = Recuva
"Registry Workshop" = Registry Workshop
"Remove Toolbar Buddy_is1" = Remove Toolbar Buddy 6.1
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"Replay Media Catcher 5" = Replay Media Catcher 5 (5.0.0.99)
"RMPrepUSB" = RMPrepUSB
"RollerCoaster Tycoon Setup" = Roll
"Sandboxie" = Sandboxie 4.04 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysTracer" = SysTracer v2.6
"TeamViewer 8" = TeamViewer 8
"TeraCopy_is1" = TeraCopy 2.3 beta 2
"The KMPlayer" = The KMPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"UltraISO_is1" = UltraISO Premium V9.52
"UnHackMe_is1" = UnHackMe 5.99 release
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Unlocker" = Unlocker 1.9.2
"USB Safely Remove_is1" = USB Safely Remove 5.2
"VLC media player" = VLC media player 2.0.7
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"Windows Unattended CD Creator" = Windows Unattended CD Creator 1.0.2 Beta 10
"Windows Update Remover" = Windows Update Remover
"WinHex" = WinHex
"WinImage" = WinImage
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 5.00 ביתא 5 (32-סיביות)
"winscp3_is1" = WinSCP 5.1.5
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"Wubi" = Ubuntu
"תורת אמת - 346" = תורת אמת - 346
"תורת אמת - 347" = תורת אמת - 347

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2013 23:08:50 | Computer Name = CHABADGAT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 13/06/2013 01:33:12 | Computer Name = CHABADGAT | Source = nginx | ID = 3299
Description = E:\nginx-1.5.1\nginx.exe: could not open error log file: CreateFile()
"logs/error.log" failed (3: The system cannot find the path specified) .

[ System Events ]
Error - 08/08/2013 02:41:20 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 08/08/2013 10:44:11 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 08/08/2013 13:41:36 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 08/08/2013 13:42:02 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 09/08/2013 04:33:54 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 09/08/2013 04:34:07 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 10/08/2013 13:38:14 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 10/08/2013 13:38:26 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.

Error - 10/08/2013 18:02:29 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 11/08/2013 01:37:20 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2


< End of report >
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread post by wannabeageek » August 12th, 2013, 11:22 pm

Greetings sh770p,

Step 1.
IObit
You have a product installed from iObit:
Advanced SystemCare 6
This company has been involved in some dubious activities, as you can see here.
Please remove the program listed above. We do not support this type of behavior.


Step 2.
OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
  2. Under the Standard Registry box change it to All.
  3. Check/tick the boxes beside LOP Check and Purity Check.
  4. Copy the following text... do not include the quote box title "Quote"
    :Commands
    [CREATERESTOREPOINT]

    :OTL
    MOD - [2013/01/15 18:59:46 | 000,106,304 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
    MOD - [2013/01/15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
    [2013/07/02 18:36:40 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ascsurfingprotection@iobit.com
    [2013/07/02 18:36:41 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\ascsurfingprotection@iobit.com
    [2013/02/10 01:46:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\the-pirate-bay.xml
    O4 - Startup: C:\Documents and Settings\eMule_Secure\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    [2013/08/09 12:46:47 | 000,000,000 | ---D | C] -- d:\uTorrentPortable
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\sh770\שולחן העבודה\תשרי בליובביץ חלק ראשון.mp4:SummaryInformation
    @Alternate Data Stream - 108 bytes -> C:\Windows:

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\תוכנות ארכיון\eMule0.49c\emule.exe"=-
    "C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe"=-

    :Commands
    [EMPTYTEMP]
  5. Click under the Custom Scan/Fixes box and paste the copied text.
  6. Click the Run Fix button. If prompted... click OK.
  7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  8. Please post the contents of the report in your next reply.


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
  2. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread post by sh770p » August 13th, 2013, 9:31 am

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Folder C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ascsurfingprotection@iobit.com\ not found.
Folder C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\ascsurfingprotection@iobit.com\ not found.
C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\the-pirate-bay.xml moved successfully.
C:\Documents and Settings\eMule_Secure\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk moved successfully.
C:\Program Files\Common Files\lpuninstall.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
d:\uTorrentPortable\Other\Source folder moved successfully.
d:\uTorrentPortable\Other\Help\Images folder moved successfully.
d:\uTorrentPortable\Other\Help folder moved successfully.
d:\uTorrentPortable\Other folder moved successfully.
d:\uTorrentPortable\Data\torrents folder moved successfully.
d:\uTorrentPortable\Data\settings\share folder moved successfully.
d:\uTorrentPortable\Data\settings\ie folder moved successfully.
d:\uTorrentPortable\Data\settings\dlimagecache folder moved successfully.
d:\uTorrentPortable\Data\settings\Cache folder moved successfully.
d:\uTorrentPortable\Data\settings\apps folder moved successfully.
d:\uTorrentPortable\Data\settings folder moved successfully.
d:\uTorrentPortable\Data\PortableApps.comInstaller folder moved successfully.
d:\uTorrentPortable\Data\downloads folder moved successfully.
d:\uTorrentPortable\Data folder moved successfully.
d:\uTorrentPortable\App\uTorrent\updates folder moved successfully.
d:\uTorrentPortable\App\uTorrent\share folder moved successfully.
d:\uTorrentPortable\App\uTorrent folder moved successfully.
d:\uTorrentPortable\App\DefaultData\torrents folder moved successfully.
d:\uTorrentPortable\App\DefaultData\settings folder moved successfully.
d:\uTorrentPortable\App\DefaultData\downloads folder moved successfully.
d:\uTorrentPortable\App\DefaultData folder moved successfully.
d:\uTorrentPortable\App\AppInfo\Launcher folder moved successfully.
d:\uTorrentPortable\App\AppInfo folder moved successfully.
d:\uTorrentPortable\App folder moved successfully.
d:\uTorrentPortable folder moved successfully.
ADS C:\Documents and Settings\sh770\שולחן העבודה\תשרי בליובביץ חלק ראשון.mp4:SummaryInformation deleted successfully.
Unable to delete ADS C:\Windows: .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\תוכנות ארכיון\eMule0.49c\emule.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 611 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: eMule_Secure
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: sh770
->Temp folder emptied: 18061378 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 922700014 bytes
->Opera cache emptied: 1828210 bytes
->Flash cache emptied: 428674 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 73504 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2792080 bytes

Total Files Cleaned = 902.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08132013_162334

Files\Folders moved on Reboot...
C:\WINDOWS\temp\hlktmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread post by wannabeageek » August 13th, 2013, 11:55 pm

Hi sh770p,

System restore did not function correctly.
========== COMMANDS ==========
System Restore Service not available.



Please run the following:
Farbar Service Scanner (FSS)
SCAN Option
Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  1. Double click FSS.exe to run it on the computer with the issue.
  2. Make sure the following options are checked:
    • Internet Services (checked by default)
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  3. Press the "Scan" button.
    When finished, a text file named FSS.txt will be created on your desktop (the same folder the tool is run from).
  4. Please copy and paste the contents of the FSS.txt log to your reply.
    Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 14th, 2013, 1:03 am

Farbar Service Scanner Version: 04-08-2013
Ran by sh770 (administrator) on 14-08-2013 at 07:59:30
Running from "C:\Documents and Settings\sh770\שולחן העבודה"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-06-02 01:52] - [2008-04-14 15:00] - 0126976 ____A (Microsoft Corporation) 9B1ABA1F15F97AFAAD54597B8801C3C5

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-06-02 01:52] - [2009-04-20 20:18] - 0045568 ____A (Microsoft Corporation) 515C0419254D9C037AA967FC5AB429D5

C:\WINDOWS\system32\ipnathlp.dll
[2009-06-02 01:52] - [2008-04-14 15:00] - 0331264 ____A (Microsoft Corporation) 1837E06FF5D0F553C883A4BE6162D967

C:\WINDOWS\system32\netman.dll
[2009-06-02 01:52] - [2008-04-14 15:00] - 0197632 _____ (Microsoft Corporation) 0BFA2A7D8200F5638AB8091FE12F54D6

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-02 03:16] - [2008-04-14 15:00] - 0144896 ____A (Microsoft Corporation) F8A4D63F979D767181F21B360C273AB4

C:\WINDOWS\system32\srsvc.dll
[2009-06-02 03:17] - [2008-04-14 15:00] - 0170496 _____ (Microsoft Corporation) 48E4C5D80462811166B4F3A6476F8F8E

C:\WINDOWS\system32\Drivers\sr.sys
[2009-06-02 03:17] - [2008-04-14 15:00] - 0073344 ____A (Microsoft Corporation) EC70007BAB7C42CCD340A068F87873A6

C:\WINDOWS\system32\wscsvc.dll
[2009-06-02 01:53] - [2008-04-14 15:00] - 0080896 ____A (Microsoft Corporation) E56C0F16541332EC8331C49A36BAF88B

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-02 03:16] - [2008-04-14 15:00] - 0144896 ____A (Microsoft Corporation) F8A4D63F979D767181F21B360C273AB4

C:\WINDOWS\system32\wuauserv.dll
[2009-06-02 03:17] - [2008-04-14 15:00] - 0006656 ____A (Microsoft Corporation) 134D66B32EF1F498F65CBF1468B75F94

C:\WINDOWS\system32\qmgr.dll
[2009-06-02 03:17] - [2008-04-14 15:00] - 0409088 _____ (Microsoft Corporation) E8367773660B9BEA240A124C1D7F3484

C:\WINDOWS\system32\es.dll
[2009-06-02 01:52] - [2008-07-07 23:29] - 0253952 _____ (Microsoft Corporation) 51BACCDDDFC6D6C6DF18C6A1C23E3D36

C:\WINDOWS\system32\cryptsvc.dll
[2009-06-02 01:52] - [2008-04-14 15:00] - 0062464 _____ (Microsoft Corporation) EF329F898FE62AB647F62A94EA89964E

C:\WINDOWS\system32\svchost.exe
[2009-06-02 01:53] - [2008-04-14 15:00] - 0014336 _____ (Microsoft Corporation) 87BA1595374FC6A8348F9B8A30B9EE22

C:\WINDOWS\system32\rpcss.dll
[2009-06-02 01:52] - [2009-02-09 13:53] - 0401408 _____ (Microsoft Corporation) F283F02F93266F3F8F61F0CDE2F1CB20

C:\WINDOWS\system32\services.exe
[2009-06-02 01:52] - [2009-02-09 14:25] - 0110592 _____ (Microsoft Corporation) D45A62D065043DB325A301ABD88ECC95


Extra List:
=======
Gpc(3) IPSec(5) IPSecVPN(40) kl2(24) NetBT(6) Tcpip(4) VMnetBridge(41)
0x2B00000005000000180000001600000011000000110000001100000001000000020000000300000004000000130000000D000000060000000700000008000000090000000A0000000B0000000C0000000E0000000F0000001000000012000000140000001500000017000000190000001A0000001B0000001C0000001D0000001E0000001F00000020000000210000002200000023000000240000002500000026000000270000002800000029000000
IpSec Tag value is correct.

**** End of log ****
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm