
Topic: "..." not a valid Win32 application, The application or DLL not valid windows im


diggerjoy (Topic Starter)
    Computer slowed right down yesterday and wasn't working (IE was open). I tried a reboot and got "The application or DLL is not a valid Windows image", then when I tried to open apps I got that they aren't valid Win32 apps. Tried a reboot again. I get one chance to open one app; the only one that will open (after many tries at others) is IE. Then I can only open one window, one tab. I've tried reboots. I used F10 and ran the basic test and the CPU/memory test (everything passed). I tried a system restore to an earlier point (Mar 9). Nothing helped. I can't open Task Manager with Ctrl-Alt-Del to see what's going on. ZoneAlarm seems stuck in a scan. I can't run CCleaner, Malwarebytes, nothing. (I was able to right-click Spybot in the tray and select "Exit Spybot Resident", but then couldn't do anything else.) I can't do anything from Control Panel: I can open Control Panel, but can't add/remove programs or anything. Can't open new tabs or windows.
    Running Windows XP Media Edition 2005 on an HP Pavilion. I have an HP recovery tools CD and 3 recovery disks. Is there any save here? If not, how do I recover: just go to reboot, F10...?? I don't want to log out of CH until I have some idea of what to do because I may not get back on... will keep open...

    SuperDave (Malware Removal Specialist, Moderator)
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    First of all, please try re-booting your computer. Next, please try running this in Safe Mode with Networking. If it runs, please try to run it in Normal mode.
    Here's how to get into Safe Mode.

    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      diggerjoy (Topic Starter)
      Hi SuperDave,
      You helped me once before about 2 years ago. At that time you had directed me to the file on removing malware, and the steps included using CCleaner, SUPERAntiSpyware, and then MBAM. It also explained about using safe mode, so I took a chance, shut down and rebooted in safe mode using those instructions, and since things seemed to be working better (I could actually open Word, IE, WE, etc.) I started the process: I ran CCleaner, and have SAS in process. It's been running an hour (nothing detected yet), so I figured it was better to keep going with SAS and run MBAM after. Is that OK? I will save the logs. Do you want HijackThis (I have it as sniper on my computer)? I am not using my computer right now other than for the scans; I am using another computer to check with you.

      Question: could ZoneAlarm Security Suite be causing this problem? The only thing I can think of is that maybe ZA ran an update just before things went bad. The only other thing I was doing was reading news reports from Yahoo... It seems when I boot in regular mode, I can open something, but then ZA starts a scan and just sticks; it keeps on scanning. I did have a problem with it freezing up once before (maybe the same time I got your help last time), so it was something I considered. Just something I wanted to throw out there.

      I will finish running SAS and MBAM, and will post the logs.  Thank you so much for your help!

        diggerjoy (Topic Starter)
        Here are my logs: SAS, MBAM, Hijack this (thank you!)

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 03/29/2012 at 06:14 PM

        Application Version : 4.56.1000

        Core Rules Database Version : 6257
        Trace Rules Database Version: 4069

        Scan type       : Complete Scan
        Total Scan Time : 02:29:20

        Memory items scanned      : 268
        Memory threats detected   : 0
        Registry items scanned    : 7627
        Registry threats detected : 0
        File items scanned        : 129299
        File threats detected     : 13

        Adware.Tracking Cookie
           cdn.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\UU5V5XP8 ]
           crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\UU5V5XP8 ]
           objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\UU5V5XP8 ]
           tag.2bluemedia.hiro.tv [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\UU5V5XP8 ]
           cdn.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           cdn2.baronsmedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]
           tag.2bluemedia.hiro.tv [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\X57EAZD4 ]


        Malwarebytes Anti-Malware (Trial) 1.60.1.1000
        www.malwarebytes.org

        Database version: v2012.03.29.09

        Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
        Internet Explorer 8.0.6001.18702
        HP_Administrator :: HEATHER [administrator]

        Protection: Disabled

        3/29/2012 6:40:20 PM
        mbam-log-2012-03-29 (18-40-20).txt

        Scan type: Full scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 338353
        Time elapsed: 56 minute(s), 3 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 1
        C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\35\2c6ddfa3-2adaf9c3 (Trojan.Zbot) -> Quarantined and deleted successfully.

        (end)

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:01:55 PM, on 3/29/2012
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Safe mode with network support

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = kav.zonealarm.com;*.local
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
        R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
        O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll
        O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
        O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
        O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
        O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
        O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
        O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll
        O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
        O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
        O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
        O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
        O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
        O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
        O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
        O4 - Global Startup: APC UPS Status.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab
        O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
        O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://mail.esc.edu/dwa85W.cab
        O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.esc.edu/iNotes6W.cab
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
        O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://mail.esc.edu/download/dolcontrol.cab
        O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
        O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - https://mail.esc.edu/dwa85W.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://fowilh.dynalias.com:1258/activex/AMC.cab
        O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 9922 bytes
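A quick way to triage a HijackThis log of this shape is to script the checks a reviewer does by eye before reading the rest. The block below is an added example, not code from this thread, from HijackThis or from SuperDave; it runs over a few constructed lines written in the format of the log above and flags three kinds of entry: O2/O3 load points whose DLL is gone, O4 Run values given as a bare file name (resolved through the search order at logon rather than by an absolute path), and O16 ActiveX downloads from a host outside a hand-maintained allowlist or on a non-standard port. The allowlist `KNOWN_DPF_HOSTS` and the reason strings are assumptions for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2.0.2 line format, modeled on entries in the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://fowilh.dynalias.com:1258/activex/AMC.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
"""

# Hosts from which ActiveX (O16) downloads are considered expected. This allowlist is
# an assumption made for the example; maintain your own.
KNOWN_DPF_HOSTS = {"fpdownload2.macromedia.com", "download.eset.com"}

ORPHAN_MARKERS = ("(no file)", "(file missing)")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.+?) - (?P<url>\S+)$")


def _executable(cmd):
    """Return the executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return a list of {section, reason, line} dicts for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        # O2 BHOs / O3 toolbars whose DLL is gone: dead load points, cleanup candidates.
        if section in ("O2", "O3") and line.endswith(ORPHAN_MARKERS):
            findings.append({"section": section, "reason": "orphaned entry (file missing)", "line": line})
            continue

        # O4 Run values given as a bare file name are resolved through the search
        # order at logon, so the file that actually runs has to be located by hand.
        m = O4_RE.match(line)
        if m:
            exe = _executable(m.group("cmd"))
            if "\\" not in exe and "/" not in exe:
                findings.append({"section": section, "reason": "unqualified path: %s" % exe, "line": line})
            continue

        # O16 ActiveX downloads: anything not from an expected host, or on an odd port.
        m = O16_RE.match(line)
        if m:
            url = urlsplit(m.group("url"))
            reasons = []
            if (url.hostname or "") not in KNOWN_DPF_HOSTS:
                reasons.append("host %s not in allowlist" % url.hostname)
            if url.port not in (None, 80, 443):
                reasons.append("non-standard port %d" % url.port)
            if reasons:
                findings.append({"section": section, "reason": "; ".join(reasons), "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s  %-45s  %s" % (f["section"], f["reason"], f["line"][:70]))
```

On the sample this flags the two orphaned BHOs, the ARPWRMSG.EXE Run value, and the two O16 entries pulling CABs from activegs.freetoolsassociation.com and fowilh.dynalias.com:1258; it says nothing about whether any of them is malicious, only that these are the lines to verify first. Note that the findings elsewhere in this thread (a file in the Java cache, and the disk's boot sector) sit outside what HijackThis enumerates, which is why a clean-looking HijackThis log does not end the triage.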

        SuperDave (Malware Removal Specialist, Moderator)
        Quote: "Could ZoneAlarm Security Suite be causing this problem? The only thing I can think of is that maybe ZA ran an update just before things went bad."
        I really doubt it but we'll know more after some more scans.

        Please download aswMBR.exe (511KB) to your desktop.

        Double click the aswMBR.exe to run it



        Click the "Scan" button to start scan

        Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



        On completion of the scan click save log, save it to your desktop and post in your next reply.
        *********************************************************
        Download Combofix from any of the links below, and save it to your desktop

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
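What a tool like aswMBR is looking at when it reports on "Disk 0 MBR", as an added example that is not code from this thread or from the AVAST tool: read the 512-byte sector, confirm the 0x55AA signature, decode the four 16-byte partition entries, and compare a hash of the 446 bytes of boot code against a baseline taken while the machine was known clean. The boot-code bytes, the baseline and the tampered copy are constructed stand-ins (neither is real Windows XP or rootkit code); the partition layout mirrors the two entries in the aswMBR log posted in the next reply (type 07 NTFS, active, at LBA 63; type 0C FAT32 recovery at LBA 470351070), with sector counts rounded from its MB figures.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: boot code
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"       # bytes 510..511

# Constructed stand-ins: neither is real Windows XP boot code nor real rootkit code.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64
TAMPERED_BOOT_CODE = b"\xeb\x3c" + CLEAN_BOOT_CODE[2:]   # first bytes patched to a jump

# Layout modeled on the aswMBR output in this thread; sizes rounded from its MB figures.
SAMPLE_PARTITIONS = [
    # (status, type, lba_start, sector_count)
    (0x80, 0x07, 63, 229655 * 2048),          # NTFS system partition, active
    (0x00, 0x0C, 470351070, 8809 * 2048),     # FAT32 LBA recovery partition
]


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and partition tuples (CHS fields zeroed)."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(
        struct.pack(PART_ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
        for status, ptype, start, count in partitions
    )
    table = table.ljust(4 * 16, b"\x00")
    return code + table + SIGNATURE


def parse_mbr(sector):
    """Validate the signature and decode the partition table; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, start, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": start,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline_sha256):
    """Compare the boot code against a known-good hash and sanity-check the table."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline (MBR code modified)")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR)" % p["index"])
    return findings


# Baseline from the clean sector (in practice: read from boot media and stored off-disk).
BASELINE_SHA256 = parse_mbr(build_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS))["boot_code_sha256"]

if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        sector = build_mbr(code, SAMPLE_PARTITIONS)
        print(label, check_mbr(sector, BASELINE_SHA256) or ["no findings"])
```

The check only has teeth if the sector was read honestly. A bootkit that hooks the disk driver chain can hand a clean copy of the MBR to anything reading it through the running operating system, which is why aswMBR traces the call path from disk.sys down to the atapi driver and reports "MBR hidden" rather than trusting the bytes it gets back. Take the baseline and any later read from boot media rather than from inside the suspect system, and keep the baseline hash somewhere other than the disk it describes.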

          diggerjoy (Topic Starter)
          I ran aswMBR and ComboFix. One problem: I disabled TeaTimer and thought ZoneAlarm wasn't running (its icon wasn't in the tray). When I was running ComboFix, however, the icon appeared (I think it was in the 40s). I left everything alone, but everything seemed to stall in stage 48, so I took the chance and right-clicked on ZA and exited. Everything seemed to progress normally after that. I hope I didn't screw anything up; sorry that I didn't realize it must have been booting or something. If I need to run anything again, I will. Neither program caused a reboot. Here are the logs.

          aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
          Run date: 2012-03-30 07:00:37
          -----------------------------
          07:00:37.343    OS Version: Windows 5.1.2600 Service Pack 3
          07:00:37.343    Number of processors: 2 586 0x407
          07:00:37.343    ComputerName: HEATHER  UserName:
          07:02:55.578    Initialize success
          07:04:41.968    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"
          07:16:25.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
          07:16:25.890    Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
          07:16:25.906    Device \Driver\atapi -> DriverStartIo 8620d2c6
          07:16:25.953    Disk 0 MBR read successfully
          07:16:25.968    Disk 0 MBR scan
          07:16:26.000    Disk 0 TDL4@MBR code has been found
          07:16:26.015    Disk 0 MBR hidden
          07:16:26.078    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       229655 MB offset 63
          07:16:26.187    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8809 MB offset 470351070
          07:16:26.203    Disk 0 MBR [TDL4]  **ROOTKIT**
          07:16:26.218    Disk 0 trace - called modules:
          07:16:26.250    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8620d49f]<<
          07:16:26.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637aab8]
          07:16:27.609    3 CLASSPNP.SYS[f75cffd7] -> nt!IofCallDriver -> \Device\0000006e[0x863dfb58]
          07:16:27.671    5 ACPI.sys[f7526620] -> nt!IofCallDriver -> [0x8637fd98]
          07:16:27.734    \Driver\atapi[0x86275358] -> IRP_MJ_CREATE -> 0x8620d49f
          07:16:27.812    Scan finished successfully
          07:17:01.875    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
          07:17:02.046    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"


          ComboFix 12-03-30.06 - HP_Administrator 03/30/2012   9:33.2.2 - x86 NETWORK
          Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
           * Created a new restore point
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\documents and settings\Administrator\WINDOWS
          c:\documents and settings\All Users\Application Data\TEMP
          c:\documents and settings\Default User\WINDOWS
          c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
          c:\documents and settings\HP_Administrator\WebVpnRegKey6-lime-esc-edu.dll
          c:\documents and settings\HP_Administrator\WINDOWS
          c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
          c:\windows\system32\config\systemprofile\WINDOWS
          c:\windows\system32\drivers\etc\lmhosts
          .
          .
          (((((((((((((((((((((((((   Files Created from 2012-02-28 to 2012-03-30  )))))))))))))))))))))))))))))))
          .
          .
          2012-03-23 02:27 . 2012-03-23 02:27   --------   d-----w-   c:\program files\Common Files\xing shared
          2012-03-23 02:08 . 2012-03-23 02:08   --------   d-----w-   c:\documents and settings\HP_Administrator\Application Data\RealNetworks
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2012-02-22 12:49 . 2011-05-18 11:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2012-02-03 09:22 . 2004-08-09 21:00   1860096   ----a-w-   c:\windows\system32\win32k.sys
          2012-01-11 19:06 . 2012-02-15 21:18   3072   ------w-   c:\windows\system32\iacenc.dll
          2012-01-09 16:20 . 2004-08-09 21:00   139784   ------w-   c:\windows\system32\drivers\rdpwd.sys
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
          "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon2.dll" [2011-05-09 176936]
          .
          [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
          .
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
          2011-05-09 09:49   176936   ----a-w-   c:\program files\ZoneAlarm_Security\prxtbZon2.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon2.dll" [2011-05-09 176936]
          .
          [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
          .
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
          "{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon2.dll" [2011-05-09 176936]
          .
          [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 48128]
          "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
          "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
          "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
          "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
          "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
          "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
          "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
          "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
          "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
          "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
          "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
          "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-23 296056]
          "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
          .
          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-2-16 209016]
          .
          c:\documents and settings\Default User\Start Menu\Programs\Startup\
          Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-9 27136]
          PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-9 27136]
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
          "DisableMonitoring"=dword:00000001
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          .
          R1 ATMhelpr;ATMhelpr;

          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-26 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-22 67656]
          R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
          R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]
          R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 497280]
          R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
          R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
          R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
          R3 pmxscan;Visioneer USB Kernel;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
          R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-26 12872]
          S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11352]
          .
          .
          --- Other Services/Drivers In Memory ---
          .
          *NewlyCreated* - ASWMBR
          *NewlyCreated* - MDMXSDK
          *Deregistered* - aswMBR
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
          .
          2012-03-30 c:\windows\Tasks\Free File Viewer Update Checker.job
          - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-09-27 15:25]
          .
          2012-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3569513725-2765621968-4288608965-1007.job
          - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
          .
          2012-03-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3569513725-2765621968-4288608965-1007.job
          - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
          .
          2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{F43CDC39-447B-4420-8864-9FA434243A35}.job
          - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.yahoo.com/
          uInternet Settings,ProxyOverride = kav.zonealarm.com;*.local
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
          TCP: DhcpNameServer = 192.168.1.1
          DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
          DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail.esc.edu/dwa85W.cab
          DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://mail.esc.edu/download/dolcontrol.cab
          DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://fowilh.dynalias.com:1258/activex/AMC.cab
          .
          - - - - ORPHANS REMOVED - - - -
          .
          AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
          .
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2012-03-30 11:07
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
          Windows 5.1.2600 Disk: WDC_WD2500JS-60NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
          .
          device: opened successfully
          user: MBR read successfully
          error: Read  A device attached to the system is not functioning.
          kernel: MBR read successfully
          detected disk devices:
          detected hooks:
          \Driver\atapi DriverStartIo -> 0x8620D2C6
          user & kernel MBR OK
          .
          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'winlogon.exe'(484)
          c:\windows\system32\WININET.dll
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\Ati2evxx.dll
          .
          - - - - - - - > 'lsass.exe'(544)
          c:\windows\system32\WININET.dll
          .
          Completion time: 2012-03-30  11:14:55
          ComboFix-quarantined-files.txt  2012-03-30 15:14
          ComboFix2.txt  2009-12-26 04:54
          .
          Pre-Run: 153,360,355,328 bytes free
          Post-Run: 153,664,700,416 bytes free
          .
          WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          UnsupportedDebug="do not select this" /debug
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
          .
          - - End Of File - - D6353CFCD5377E4E1949D4F4D3342133

          SuperDave
          • Download TDSSKiller and save it to your Desktop.
          • Extract its contents to your desktop.
          • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
          • If an infected file is detected, the default action will be Cure, click on Continue.
          • If a suspicious file is detected, the default action will be Skip, click on Continue.
          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
          • Click the Report button and copy/paste the contents of it into your next reply.
          Note: It will also create a log in the C:\ directory.

          Please run aswMBR.exe again and post the log after doing the above.

          diggerjoy

            Here are the TDSSKiller and aswMBR logs:

            14:48:10.0750 2140   TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
            14:48:11.0390 2140   ============================================================
            14:48:11.0390 2140   Current date / time: 2012/03/30 14:48:11.0390
            14:48:11.0390 2140   SystemInfo:
            14:48:11.0390 2140   
            14:48:11.0390 2140   OS Version: 5.1.2600 ServicePack: 3.0
            14:48:11.0390 2140   Product type: Workstation
            14:48:11.0390 2140   ComputerName: HEATHER
            14:48:11.0390 2140   UserName: HP_Administrator
            14:48:11.0390 2140   Windows directory: C:\WINDOWS
            14:48:11.0390 2140   System windows directory: C:\WINDOWS
            14:48:11.0390 2140   Processor architecture: Intel x86
            14:48:11.0390 2140   Number of processors: 2
            14:48:11.0390 2140   Page size: 0x1000
            14:48:11.0390 2140   Boot type: Safe boot with network
            14:48:11.0390 2140   ============================================================
            14:48:17.0265 2140   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
            14:48:17.0281 2140   \Device\Harddisk0\DR0:
            14:48:17.0281 2140   MBR used
            14:48:17.0281 2140   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C08BDDE
            14:48:17.0281 2140   \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C08FCDE, BlocksNum 0x11348A3
            14:48:17.0453 2140   Initialize success
            14:48:17.0453 2140   ============================================================
            14:48:39.0218 2428   ============================================================
            14:48:39.0218 2428   Scan started
            14:48:39.0218 2428   Mode: Manual;
            14:48:39.0218 2428   ============================================================
            14:48:43.0078 2428   Abiosdsk - ok
            14:48:43.0203 2428   abp480n5 - ok
            14:48:43.0484 2428   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
            14:48:43.0500 2428   ACPI - ok
            14:48:43.0593 2428   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
            14:48:43.0593 2428   ACPIEC - ok
            14:48:43.0656 2428   adpu160m - ok
            14:48:43.0765 2428   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
            14:48:43.0796 2428   aec - ok
            14:48:43.0875 2428   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
            14:48:43.0875 2428   AFD - ok
            14:48:43.0890 2428   Aha154x - ok
            14:48:43.0937 2428   aic78u2 - ok
            14:48:43.0968 2428   aic78xx - ok
            14:48:44.0046 2428   Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
            14:48:44.0046 2428   Alerter - ok
            14:48:44.0093 2428   ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
            14:48:44.0125 2428   ALG - ok
            14:48:44.0171 2428   AliIde - ok
            14:48:44.0218 2428   amsint - ok
            14:48:44.0531 2428   APC UPS Service (9106457d01655d38a9b9f6f822117160) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
            14:48:44.0531 2428   APC UPS Service - ok
            14:48:44.0625 2428   Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            14:48:44.0625 2428   Apple Mobile Device - ok
            14:48:44.0812 2428   AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
            14:48:44.0828 2428   AppMgmt - ok
            14:48:44.0937 2428   aracpi          (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
            14:48:44.0937 2428   aracpi - ok
            14:48:45.0015 2428   arhidfltr       (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
            14:48:45.0031 2428   arhidfltr - ok
            14:48:45.0062 2428   arkbcfltr       (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
            14:48:45.0062 2428   arkbcfltr - ok
            14:48:45.0109 2428   armoucfltr      (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
            14:48:45.0109 2428   armoucfltr - ok
            14:48:45.0218 2428   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
            14:48:45.0218 2428   Arp1394 - ok
            14:48:45.0296 2428   ARPolicy        (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
            14:48:45.0296 2428   ARPolicy - ok
            14:48:45.0375 2428   ARSVC           (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
            14:48:48.0703 2428   ARSVC - ok
            14:48:48.0921 2428   asc - ok
            14:48:49.0000 2428   asc3350p - ok
            14:48:49.0046 2428   asc3550 - ok
            14:48:49.0296 2428   aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
            14:48:49.0312 2428   aspnet_state - ok
            14:48:49.0390 2428   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
            14:48:49.0390 2428   AsyncMac - ok
            14:48:49.0468 2428   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
            14:48:49.0468 2428   atapi - ok
            14:48:49.0500 2428   Atdisk - ok
            14:48:49.0593 2428   Ati HotKey Poller (5784a06fdc2ac7954225a1a79e1a8f00) C:\WINDOWS\system32\Ati2evxx.exe
            14:48:49.0609 2428   Ati HotKey Poller - ok
            14:48:49.0765 2428   ati2mtag        (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
            14:48:49.0859 2428   ati2mtag - ok
            14:48:49.0984 2428   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
            14:48:50.0000 2428   Atmarpc - ok
            14:48:50.0093 2428   ATMhelpr        (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
            14:48:50.0093 2428   ATMhelpr - ok
            14:48:50.0281 2428   AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
            14:48:50.0281 2428   AudioSrv - ok
            14:48:50.0500 2428   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
            14:48:50.0500 2428   audstub - ok
            14:48:50.0781 2428   BBSvc           (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
            14:48:50.0781 2428   BBSvc - ok
            14:48:50.0906 2428   BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
            14:48:50.0921 2428   BBUpdate - ok
            14:48:50.0984 2428   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
            14:48:50.0984 2428   Beep - ok
            14:48:51.0109 2428   BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
            14:48:51.0265 2428   BITS - ok
            14:48:51.0375 2428   Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
            14:48:51.0390 2428   Bonjour Service - ok
            14:48:51.0578 2428   Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
            14:48:51.0593 2428   Browser - ok
            14:48:51.0718 2428   BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
            14:48:51.0718 2428   BVRPMPR5 - ok
            14:48:51.0875 2428   catchme - ok
            14:48:51.0937 2428   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
            14:48:51.0937 2428   cbidf2k - ok
            14:48:51.0968 2428   cd20xrnt - ok
            14:48:52.0031 2428   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
            14:48:52.0031 2428   Cdaudio - ok
            14:48:52.0109 2428   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
            14:48:52.0140 2428   Cdfs - ok
            14:48:52.0281 2428   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
            14:48:52.0281 2428   Cdrom - ok
            14:48:52.0312 2428   Changer - ok
            14:48:52.0390 2428   CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
            14:48:52.0390 2428   CiSvc - ok
            14:48:52.0500 2428   ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
            14:48:52.0500 2428   ClipSrv - ok
            14:48:52.0531 2428   CmdIde - ok
            14:48:52.0593 2428   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
            14:48:52.0593 2428   Compbatt - ok
            14:48:52.0625 2428   COMSysApp - ok
            14:48:52.0718 2428   Cpqarray - ok
            14:48:52.0796 2428   CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
            14:48:52.0796 2428   CryptSvc - ok
            14:48:52.0828 2428   dac2w2k - ok
            14:48:52.0859 2428   dac960nt - ok
            14:48:52.0937 2428   DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
            14:48:53.0015 2428   DcomLaunch - ok
            14:48:53.0093 2428   Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
            14:48:53.0109 2428   Dhcp - ok
            14:48:53.0296 2428   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
            14:48:53.0296 2428   Disk - ok
            14:48:53.0359 2428   dmadmin - ok
            14:48:53.0468 2428   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
            14:48:53.0500 2428   dmboot - ok
            14:48:53.0593 2428   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
            14:48:53.0593 2428   dmio - ok
            14:48:53.0625 2428   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
            14:48:53.0625 2428   dmload - ok
            14:48:53.0687 2428   dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
            14:48:53.0687 2428   dmserver - ok
            14:48:53.0796 2428   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
            14:48:53.0796 2428   DMusic - ok
            14:48:53.0859 2428   Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
            14:48:53.0890 2428   Dnscache - ok
            14:48:54.0046 2428   Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
            14:48:54.0046 2428   Dot3svc - ok
            14:48:54.0078 2428   dpti2o - ok
            14:48:54.0156 2428   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
            14:48:54.0156 2428   drmkaud - ok
            14:48:54.0250 2428   EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
            14:48:54.0250 2428   EapHost - ok
            14:48:54.0406 2428   ehRecvr         (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
            14:48:54.0406 2428   ehRecvr - ok
            14:48:54.0562 2428   ehSched         (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
            14:48:54.0593 2428   ehSched - ok
            14:48:54.0734 2428   ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
            14:48:54.0765 2428   ERSvc - ok
            14:48:54.0828 2428   Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
            14:48:54.0859 2428   Eventlog - ok
            14:48:54.0937 2428   EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
            14:48:54.0937 2428   EventSystem - ok
            14:48:55.0062 2428   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
            14:48:55.0062 2428   Fastfat - ok
            14:48:55.0187 2428   FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
            14:48:55.0187 2428   FastUserSwitchingCompatibility - ok
            14:48:55.0296 2428   Fax             (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
            14:48:55.0312 2428   Fax - ok
            14:48:55.0406 2428   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
            14:48:55.0406 2428   Fdc - ok
            14:48:55.0484 2428   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
            14:48:55.0500 2428   Fips - ok
            14:48:55.0562 2428   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
            14:48:55.0562 2428   Flpydisk - ok
            14:48:55.0640 2428   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
            14:48:55.0640 2428   FltMgr - ok
            14:48:55.0718 2428   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
            14:48:55.0718 2428   Fs_Rec - ok
            14:48:55.0890 2428   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
            14:48:55.0906 2428   Ftdisk - ok
            14:48:55.0937 2428   ftsata2 - ok
            14:48:56.0062 2428   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
            14:48:56.0062 2428   GEARAspiWDM - ok
            14:48:56.0171 2428   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
            14:48:56.0171 2428   Gpc - ok
            14:48:56.0265 2428   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
            14:48:56.0265 2428   HDAudBus - ok
            14:48:56.0406 2428   helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
            14:48:56.0406 2428   helpsvc - ok
            14:48:56.0562 2428   HidBatt         (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
            14:48:56.0593 2428   HidBatt - ok
            14:48:56.0671 2428   HidServ - ok
            14:48:56.0937 2428   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
            14:48:56.0937 2428   HidUsb - ok
            14:48:57.0046 2428   hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
            14:48:57.0093 2428   hkmsvc - ok
            14:48:57.0281 2428   hpn - ok
            14:48:57.0437 2428   HSXHWBS2        (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
            14:48:57.0453 2428   HSXHWBS2 - ok
            14:48:57.0531 2428   HSX_DP          (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
            14:48:57.0609 2428   HSX_DP - ok
            14:48:57.0875 2428   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
            14:48:57.0890 2428   HTTP - ok
            14:48:58.0078 2428   HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
            14:48:58.0078 2428   HTTPFilter - ok
            14:48:58.0328 2428   i2omgmt - ok
            14:48:58.0390 2428   i2omp - ok
            14:48:58.0609 2428   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
            14:48:58.0609 2428   i8042prt - ok
            14:48:59.0046 2428   IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            14:48:59.0078 2428   IDriverT - ok
            14:48:59.0218 2428   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
            14:48:59.0234 2428   Imapi - ok
            14:48:59.0468 2428   ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
            14:48:59.0468 2428   ImapiService - ok
            14:48:59.0593 2428   ini910u - ok
            14:48:59.0953 2428   IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
            14:49:00.0234 2428   IntcAzAudAddService - ok
            14:49:00.0625 2428   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
            14:49:00.0625 2428   IntelIde - ok
            14:49:00.0750 2428   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
            14:49:00.0750 2428   intelppm - ok
            14:49:00.0828 2428   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
            14:49:00.0859 2428   Ip6Fw - ok
            14:49:00.0968 2428   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
            14:49:00.0984 2428   IpFilterDriver - ok
            14:49:01.0140 2428   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
            14:49:01.0171 2428   IpInIp - ok
            14:49:01.0234 2428   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
            14:49:01.0281 2428   IpNat - ok
            14:49:01.0546 2428   iPod Service    (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
            14:49:01.0796 2428   iPod Service - ok
            14:49:02.0125 2428   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
            14:49:02.0156 2428   IPSec - ok
            14:49:02.0468 2428   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
            14:49:02.0500 2428   IRENUM - ok
            14:49:02.0734 2428   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
            14:49:02.0750 2428   isapnp - ok
            14:49:03.0093 2428   ISWKL           (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
            14:49:03.0109 2428   ISWKL - ok
            14:49:03.0250 2428   IswSvc          (5b2ccef06f96dfb22893ab8f0b3f891d) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
            14:49:03.0281 2428   IswSvc - ok
            14:49:03.0625 2428   JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
            14:49:03.0750 2428   JavaQuickStarterService - ok
            14:49:04.0031 2428   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
            14:49:04.0031 2428   Kbdclass - ok
            14:49:04.0500 2428   KL1             (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
            14:49:04.0515 2428   KL1 - ok
            14:49:04.0921 2428   kl2             (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
            14:49:04.0921 2428   kl2 - ok
            14:49:06.0781 2428   KLIF            (f934de04ac53b08457b92db6e4dee2e5) C:\WINDOWS\system32\DRIVERS\klif.sys
            14:49:06.0796 2428   KLIF - ok
            14:49:07.0093 2428   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
            14:49:07.0125 2428   kmixer - ok
            14:49:07.0250 2428   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
            14:49:07.0250 2428   KSecDD - ok
            14:49:07.0437 2428   lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
            14:49:07.0437 2428   lanmanserver - ok
            14:49:07.0625 2428   lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
            14:49:07.0640 2428   lanmanworkstation - ok
            14:49:07.0781 2428   lbrtfdc - ok
            14:49:08.0031 2428   LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            14:49:08.0046 2428   LightScribeService - ok
            14:49:08.0390 2428   LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
            14:49:08.0390 2428   LmHosts - ok
            14:49:08.0593 2428   MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
            14:49:08.0609 2428   MBAMProtector - ok
            14:49:08.0906 2428   MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
            14:49:08.0921 2428   MBAMService - ok
            14:49:09.0218 2428   McrdSvc         (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
            14:49:09.0234 2428   McrdSvc - ok
            14:49:09.0531 2428   mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
            14:49:09.0546 2428   mdmxsdk - ok
            14:49:09.0937 2428   Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
            14:49:09.0984 2428   Messenger - ok
            14:49:10.0250 2428   MHN             (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
            14:49:10.0281 2428   MHN - ok
            14:49:10.0750 2428   MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
            14:49:10.0796 2428   MHNDRV - ok
            14:49:11.0953 2428   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
            14:49:12.0046 2428   mnmdd - ok
            14:49:12.0875 2428   mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
            14:49:12.0937 2428   mnmsrvc - ok
            14:49:15.0109 2428   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
            14:49:15.0109 2428   Modem - ok
            14:49:18.0390 2428   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
            14:49:18.0390 2428   Mouclass - ok
            14:49:19.0421 2428   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
            14:49:19.0593 2428   MountMgr - ok
            14:49:27.0515 2428   mraid35x - ok
            14:49:30.0296 2428   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
            14:49:32.0578 2428   MRxDAV - ok
            14:49:32.0953 2428   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
            14:49:33.0093 2428   MRxSmb - ok
            14:49:33.0859 2428   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
            14:49:33.0875 2428   Msfs - ok
            14:49:34.0171 2428   MSIServer - ok
            14:49:36.0109 2428   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
            14:49:36.0265 2428   MSKSSRV - ok
            14:49:37.0000 2428   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
            14:49:37.0031 2428   MSPCLOCK - ok
            14:49:38.0093 2428   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
            14:49:38.0093 2428   MSPQM - ok
            14:49:38.0546 2428   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
            14:49:38.0578 2428   mssmbios - ok
            14:49:39.0109 2428   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
            14:49:39.0281 2428   Mup - ok
            14:49:41.0375 2428   napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
            14:49:41.0984 2428   napagent - ok
            14:49:46.0109 2428   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
            14:49:46.0234 2428   NDIS - ok
            14:49:47.0281 2428   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
            14:49:47.0359 2428   NdisTapi - ok
            14:49:57.0031 2428   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
            14:49:57.0125 2428   Ndisuio - ok
            14:50:15.0890 2428   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
            14:50:15.0937 2428   NdisWan - ok
            14:50:20.0937 2428   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
            14:50:21.0000 2428   NDProxy - ok
            14:50:26.0312 2428   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
            14:50:26.0578 2428   NetBIOS - ok
            14:50:31.0078 2428   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
            14:50:34.0296 2428   NetBT - ok
            14:50:35.0484 2428   NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
            14:50:36.0078 2428   NetDDE - ok
            14:50:36.0187 2428   NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
            14:50:36.0187 2428   NetDDEdsdm - ok
            14:50:37.0250 2428   Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
            14:50:37.0250 2428   Netlogon - ok
            14:50:38.0187 2428   Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
            14:50:38.0203 2428   Netman - ok
            14:50:39.0031 2428   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
            14:50:39.0125 2428   NIC1394 - ok
            14:50:41.0937 2428   Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
            14:50:42.0671 2428   Nla - ok
            14:50:43.0343 2428   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
            14:50:43.0453 2428   Npfs - ok
            14:50:45.0734 2428   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
            14:50:46.0531 2428   Ntfs - ok
            14:50:47.0671 2428   NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
            14:50:47.0671 2428   NtLmSsp - ok
            14:50:48.0453 2428   NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
            14:50:49.0953 2428   NtmsSvc - ok
            14:50:50.0250 2428   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
            14:50:50.0453 2428   Null - ok
            14:50:51.0093 2428   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
            14:50:51.0109 2428   NwlnkFlt - ok
            14:50:52.0687 2428   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
            14:50:52.0750 2428   NwlnkFwd - ok
            14:50:53.0656 2428   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
            14:50:53.0687 2428   ohci1394 - ok
            14:50:53.0828 2428   ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
            14:50:53.0828 2428   ose - ok
            14:50:54.0312 2428   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
            14:50:54.0343 2428   Parport - ok
            14:50:54.0593 2428   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
            14:50:54.0609 2428   PartMgr - ok
            14:50:54.0687 2428   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
            14:50:54.0703 2428   ParVdm - ok
            14:50:55.0000 2428   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
            14:50:55.0390 2428   PCI - ok
            14:50:57.0265 2428   PCIDump - ok
            14:51:00.0234 2428   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
            14:51:00.0453 2428   PCIIde - ok
            14:51:05.0765 2428   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
            14:51:06.0593 2428   Pcmcia - ok
            14:51:07.0421 2428   PDCOMP - ok
            14:51:07.0703 2428   PDFRAME - ok
            14:51:08.0062 2428   PDRELI - ok
            14:51:08.0171 2428   PDRFRAME - ok
            14:51:08.0203 2428   perc2 - ok
            14:51:08.0328 2428   perc2hib - ok
            14:51:08.0578 2428   PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
            14:51:08.0578 2428   PlugPlay - ok
            14:51:09.0296 2428   pmxscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
            14:51:09.0312 2428   pmxscan - ok
            14:51:09.0406 2428   Point32         (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
            14:51:09.0500 2428   Point32 - ok
            14:51:09.0703 2428   PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
            14:51:09.0703 2428   PolicyAgent - ok
            14:51:09.0968 2428   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
            14:51:09.0984 2428   PptpMiniport - ok
            14:51:10.0312 2428   ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
            14:51:10.0312 2428   ProtectedStorage - ok
            14:51:10.0546 2428   Ps2             (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
            14:51:10.0593 2428   Ps2 - ok
            14:51:11.0171 2428   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
            14:51:14.0281 2428   PSched - ok
            14:51:14.0765 2428   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
            14:51:15.0921 2428   Ptilink - ok
            14:51:17.0890 2428   PxHelp20        (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
            14:51:17.0953 2428   PxHelp20 - ok
            14:51:19.0718 2428   ql1080 - ok
            14:51:21.0406 2428   Ql10wnt - ok
            14:51:22.0296 2428   ql12160 - ok
            14:51:24.0156 2428   ql1240 - ok
            14:51:25.0734 2428   ql1280 - ok
            14:51:28.0000 2428   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
            14:51:28.0000 2428   RasAcd - ok
            14:51:31.0062 2428   RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
            14:51:31.0109 2428   RasAuto - ok
            14:51:32.0046 2428   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
            14:51:32.0078 2428   Rasl2tp - ok
            14:51:33.0968 2428   RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
            14:51:35.0421 2428   RasMan - ok
            14:51:36.0187 2428   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
            14:51:36.0187 2428   RasPppoe - ok
            14:51:36.0484 2428   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
            14:51:36.0796 2428   Raspti - ok
            14:51:37.0515 2428   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
            14:51:37.0734 2428   Rdbss - ok
            14:51:37.0984 2428   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
            14:51:38.0000 2428   RDPCDD - ok
            14:51:38.0875 2428   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
            14:51:38.0906 2428   rdpdr - ok
            14:51:39.0921 2428   RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
            14:51:40.0078 2428   RDPWD - ok
            14:51:40.0781 2428   RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
            14:51:40.0828 2428   RDSessMgr - ok
            14:51:41.0171 2428   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
            14:51:41.0937 2428   redbook - ok
            14:51:42.0375 2428   RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
            14:51:42.0375 2428   RemoteAccess - ok
            14:51:43.0000 2428   RemoteRegistry  (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
            14:51:43.0031 2428   RemoteRegistry - ok
            14:51:43.0312 2428   RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
            14:51:43.0312 2428   RpcLocator - ok
            14:51:43.0421 2428   RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
            14:51:43.0437 2428   RpcSs - ok
            14:51:43.0656 2428   RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
            14:51:43.0656 2428   RSVP - ok
            14:51:44.0046 2428   RTL8023xp       (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
            14:51:44.0046 2428   RTL8023xp - ok
            14:51:44.0125 2428   rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
            14:51:44.0125 2428   rtl8139 - ok
            14:51:44.0984 2428   SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
            14:51:44.0984 2428   SamSs - ok
            14:51:45.0265 2428   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
            14:51:45.0296 2428   SASDIFSV - ok
            14:51:45.0703 2428   SASENUM         (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
            14:51:45.0781 2428   SASENUM - ok
            14:51:46.0062 2428   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
            14:51:46.0234 2428   SASKUTIL - ok
            14:51:48.0000 2428   SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
            14:51:48.0078 2428   SCardSvr - ok
            14:51:49.0406 2428   Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
            14:51:49.0765 2428   Schedule - ok
            14:51:52.0703 2428   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
            14:51:52.0703 2428   Secdrv - ok
            14:51:52.0968 2428   seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
            14:51:53.0031 2428   seclogon - ok
            14:51:54.0078 2428   SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
            14:51:55.0781 2428   SENS - ok
            14:51:56.0562 2428   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
            14:51:56.0687 2428   Serial - ok
            14:51:57.0046 2428   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
            14:51:57.0046 2428   Sfloppy - ok
            14:51:57.0234 2428   SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
            14:51:57.0265 2428   SharedAccess - ok
            14:51:57.0406 2428   ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
            14:51:57.0406 2428   ShellHWDetection - ok
            14:51:57.0906 2428   Simbad - ok
            14:51:58.0125 2428   Sparrow - ok
            14:51:58.0203 2428   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
            14:51:58.0203 2428   splitter - ok
            14:51:58.0546 2428   Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
            14:51:58.0593 2428   Spooler - ok
            14:51:59.0171 2428   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
            14:51:59.0171 2428   sr - ok
            14:52:01.0015 2428   srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
            14:52:01.0296 2428   srservice - ok
            14:52:11.0312 2428   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
            14:52:11.0453 2428   Srv - ok
            14:52:13.0046 2428   SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
            14:52:13.0187 2428   SSDPSRV - ok
            14:52:14.0125 2428   stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
            14:52:14.0140 2428   stisvc - ok
            14:52:15.0062 2428   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
            14:52:15.0078 2428   swenum - ok
            14:52:15.0515 2428   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
            14:52:15.0687 2428   swmidi - ok
            14:52:16.0265 2428   SwPrv - ok
            14:52:17.0046 2428   symc810 - ok
            14:52:17.0984 2428   symc8xx - ok
            14:52:19.0000 2428   sym_hi - ok
            14:52:24.0531 2428   sym_u3 - ok
            14:52:25.0312 2428   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
            14:52:25.0359 2428   sysaudio - ok
            14:52:25.0765 2428   SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
            14:52:25.0859 2428   SysmonLog - ok
            14:52:27.0296 2428   TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
            14:52:27.0734 2428   TapiSrv - ok
            14:52:32.0000 2428   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
            14:52:32.0500 2428   Tcpip - ok
            14:52:32.0968 2428   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
            14:52:33.0000 2428   TDPIPE - ok
            14:52:33.0421 2428   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
            14:52:33.0562 2428   TDTCP - ok
            14:52:34.0203 2428   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
            14:52:34.0218 2428   TermDD - ok
            14:52:34.0734 2428   TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
            14:52:35.0156 2428   TermService - ok
            14:52:35.0953 2428   Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
            14:52:35.0953 2428   Themes - ok
            14:52:36.0171 2428   TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
            14:52:36.0171 2428   TlntSvr - ok
            14:52:36.0968 2428   TosIde - ok
            14:52:37.0187 2428   TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
            14:52:37.0187 2428   TrkWks - ok
            14:52:37.0796 2428   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
            14:52:37.0890 2428   Udfs - ok
            14:52:39.0031 2428   ultra - ok
            14:52:39.0421 2428   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
            14:52:39.0859 2428   Update - ok
            14:52:40.0968 2428   upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
            14:52:41.0125 2428   upnphost - ok
            14:52:42.0062 2428   UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
            14:52:42.0171 2428   UPS - ok
            14:52:44.0125 2428   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
            14:52:44.0125 2428   usbehci - ok
            14:52:46.0281 2428   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
            14:52:46.0281 2428   usbhub - ok
            14:52:48.0187 2428   usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
            14:52:48.0187 2428   usbohci - ok
            14:52:51.0812 2428   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
            14:52:51.0812 2428   usbprint - ok
            14:52:52.0093 2428   usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
            14:52:52.0140 2428   usbstor - ok
            14:52:52.0984 2428   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
            14:52:53.0109 2428   usbuhci - ok
            14:52:56.0843 2428   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
            14:52:56.0921 2428   VgaSave - ok
            14:52:57.0859 2428   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
            14:52:57.0890 2428   ViaIde - ok
            14:52:59.0265 2428   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
            14:52:59.0265 2428   VolSnap - ok
            14:53:00.0843 2428   Vsdatant        (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
            14:53:01.0953 2428   Vsdatant - ok
            14:53:02.0234 2428   vsmon - ok
            14:53:02.0750 2428   VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
            14:53:02.0828 2428   VSS - ok
            14:53:03.0328 2428   W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
            14:53:03.0421 2428   W32Time - ok
            14:53:05.0203 2428   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
            14:53:05.0203 2428   Wanarp - ok
            14:53:06.0156 2428   WDICA - ok
            14:53:07.0125 2428   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
            14:53:07.0140 2428   wdmaud - ok
            14:53:08.0296 2428   WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
            14:53:08.0484 2428   WebClient - ok
            14:53:12.0140 2428   winachsx        (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
            14:53:12.0234 2428   winachsx - ok
            14:53:16.0062 2428   winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
            14:53:16.0562 2428   winmgmt - ok
            14:53:21.0109 2428   WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
            14:53:21.0140 2428   WmdmPmSN - ok
            14:53:24.0218 2428   Wmi             (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
            14:53:25.0156 2428   Wmi - ok
            14:53:30.0687 2428   WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
            14:53:30.0812 2428   WmiApSrv - ok
            14:53:31.0171 2428   WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
            14:53:32.0015 2428   WMPNetworkSvc - ok
            14:53:32.0906 2428   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
            14:53:32.0921 2428   WS2IFSL - ok
            14:53:33.0203 2428   wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
            14:53:33.0312 2428   wscsvc - ok
            14:53:34.0296 2428   wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
            14:53:34.0359 2428   wuauserv - ok
            14:53:37.0109 2428   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
            14:53:37.0296 2428   WudfPf - ok
            14:53:40.0671 2428   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
            14:53:40.0937 2428   WudfRd - ok
            14:53:42.0656 2428   WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
            14:53:42.0671 2428   WudfSvc - ok
            14:53:43.0828 2428   WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
            14:53:43.0984 2428   WZCSVC - ok
            14:53:44.0281 2428   xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
            14:53:44.0500 2428   xmlprov - ok
            14:53:45.0640 2428   YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
            14:53:46.0171 2428   YahooAUService - ok
            14:53:46.0453 2428   MBR (0x1B8)     (cb3cc5e3bfdf0a25babd81b4d610f0e7) \Device\Harddisk0\DR0
            14:53:46.0625 2428   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
            14:53:46.0625 2428   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
            14:53:46.0875 2428   Boot (0x1200)   (a2c137e4c6acac455d5a5029f70b034d) \Device\Harddisk0\DR0\Partition0
            14:53:47.0062 2428   \Device\Harddisk0\DR0\Partition0 - ok
            14:53:47.0187 2428   Boot (0x1200)   (c7eafd29abeaa13e437796e0e2979905) \Device\Harddisk0\DR0\Partition1
            14:53:47.0296 2428   \Device\Harddisk0\DR0\Partition1 - ok
            14:53:47.0296 2428   ============================================================
            14:53:47.0296 2428   Scan finished
            14:53:47.0296 2428   ============================================================
            14:53:47.0515 2420   Detected object count: 1
            14:53:47.0515 2420   Actual detected object count: 1
            14:54:39.0968 2420   \Device\Harddisk0\DR0\# - copied to quarantine
            14:54:39.0968 2420   \Device\Harddisk0\DR0 - copied to quarantine
            14:54:40.0031 2420   \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
            14:54:40.0234 2420   \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
            14:54:40.0281 2420   \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
            14:54:40.0515 2420   \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
            14:54:40.0703 2420   \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
            14:54:41.0250 2420   \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
            14:54:42.0281 2420   \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
            14:54:42.0281 2420   \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
            14:54:42.0296 2420   \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
            14:54:42.0359 2420   \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
            14:54:42.0375 2420   \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
            14:54:42.0390 2420   \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
            14:54:42.0500 2420   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
            14:54:42.0500 2420   \Device\Harddisk0\DR0 - ok
            14:54:42.0531 2420   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
            14:55:53.0671 2120   Deinitialize success

            aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
            Run date: 2012-03-30 15:02:44
            -----------------------------
            15:02:44.093    OS Version: Windows 5.1.2600 Service Pack 3
            15:02:44.093    Number of processors: 2 586 0x407
            15:02:44.093    ComputerName: HEATHER  UserName:
            15:02:44.640    Initialize success
            15:04:33.609    AVAST engine defs: 12033000
            15:04:46.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
            15:04:46.140    Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
            15:04:46.187    Disk 0 MBR read successfully
            15:04:46.203    Disk 0 MBR scan
            15:04:46.250    Disk 0 unknown MBR code
            15:04:46.250    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       229655 MB offset 63
            15:04:46.296    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8809 MB offset 470351070
            15:04:46.312    Disk 0 scanning sectors +488392065
            15:04:46.390    Disk 0 scanning C:\WINDOWS\system32\drivers
            15:05:00.765    Service scanning
            15:05:25.281    Modules scanning
            15:05:30.375    Disk 0 trace - called modules:
            15:05:30.421    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
            15:05:30.437    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86383ab8]
            15:05:30.500    3 CLASSPNP.SYS[f75cffd7] -> nt!IofCallDriver -> \Device\00000070[0x8637e0c8]
            15:05:30.546    5 ACPI.sys[f7526620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x86300940]
            15:05:31.078    AVAST engine scan C:\WINDOWS
            15:05:44.593    AVAST engine scan C:\WINDOWS\system32
            15:10:52.437    AVAST engine scan C:\WINDOWS\system32\drivers
            15:11:18.031    AVAST engine scan C:\Documents and Settings\HP_Administrator
            15:18:25.890    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
            15:18:25.968    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"
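The three boot-sector checks in the logs above each do the same small job from a different angle: TDSSKiller hashes the first 0x1B8 bytes of the MBR (the boot code, before the disk signature and partition table) and labels the line "MBR (0x1B8)"; aswMBR decodes the partition table and reports "unknown MBR code" when the boot code is not one it recognises; MBRCheck compares the boot code against a list of known-good Microsoft and OEM MBRs. The Python below is an added example written for this page to show what those checks amount to; it is not code from TDSSKiller, aswMBR or MBRCheck. The 512-byte sector it parses is constructed here to mirror the partition layout aswMBR printed for Disk 0 (it is not a dump from the machine in the thread), and KNOWN_GOOD is a placeholder allow-list, not real signatures.

```python
"""Boot-sector triage: hash the MBR boot code, decode the partition table,
compare the hash against an allow-list, and diff two MBR images.

Added example for this thread; not TDSSKiller, aswMBR or MBRCheck code.
The sample MBR is constructed to mirror the partition layout aswMBR printed
for Disk 0, and KNOWN_GOOD is a placeholder allow-list, not real signatures.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # 440 bytes of boot code (TDSSKiller's "MBR (0x1B8)")
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature follows the boot code
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries, then 0x55AA
PART_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}  # enough for the sample

# Placeholder allow-list of MD5(boot code).  A real scanner ships hashes of
# stock Microsoft and OEM MBRs; this entry is invented so the constructed
# sample deliberately comes back as "unknown MBR code".
KNOWN_GOOD = {"00000000000000000000000000000000": "placeholder entry"}


def read_mbr(path):
    """First sector of a raw device (\\\\.\\PhysicalDrive0, needs admin)
    or of a saved image such as the MBR.dat that aswMBR writes."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def boot_code_md5(mbr):
    """Hash the 0x1B8 boot-code bytes only: the disk signature and the
    partition table legitimately differ per machine and are excluded."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Decode the four primary partition entries, aswMBR style."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "offset": lba_start,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return parts


def scan_mbr(mbr, known_good=KNOWN_GOOD):
    """Boot-code hash, allow-list verdict and partition layout for one sector;
    rejects anything that is not 512 bytes ending in the 0x55AA signature."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    digest = boot_code_md5(mbr)
    return {"boot_code_md5": digest, "boot_code_known": digest in known_good,
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": parse_partitions(mbr)}


def boot_code_diff(before, after):
    """Boot-code offsets where two images differ: compare a saved MBR.dat
    against a fresh read to confirm a 'cured on reboot' really rewrote it."""
    return [i for i in range(BOOT_CODE_LEN) if before[i] != after[i]]


def build_sample_mbr():
    """Constructed 512-byte MBR (not a dump from the machine in the thread):
    a CLI; JMP $ stub padded with NOPs, plus aswMBR's Disk 0 partition layout."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xfa\xeb\xfe"
    mbr[3:BOOT_CODE_LEN] = b"\x90" * (BOOT_CODE_LEN - 3)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)  # arbitrary signature
    entries = [(0x80, 0x07, 63, 229655 * 2048),         # active NTFS, offset 63
               (0x00, 0x0C, 470351070, 8809 * 2048)]    # FAT32 LBA recovery
    for i, (status, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off], mbr[off + 4] = status, ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    report = scan_mbr(build_sample_mbr())
    verdict = "known" if report["boot_code_known"] else "unknown MBR code"
    print("MBR (0x1B8) md5", report["boot_code_md5"], "-", verdict)
    for p in report["partitions"]:
        print("Partition", p["index"], "80" if p["active"] else "00",
              "%02X" % p["type"], p["type_name"], p["size_mb"], "MB offset",
              p["offset"])
```

On a live machine the same parser would be fed the MBR.dat that aswMBR saved to the desktop, or the first sector of the physical drive read as administrator. Two points worth keeping in mind when reading logs like the ones above: the hash covers only the boot code, so an "unknown MBR code" verdict cannot be explained away by a different disk signature or partition layout, and a bootkit that hooks the disk stack can return clean sectors to a user-mode reader, which is why the tools also walk the driver chain (the "Disk 0 trace - called modules" lines) and why a post-cure comparison of the saved image against a fresh read after the reboot is the honest check.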



            SuperDave

            Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

            Link 1
            Link 2
            Link 3

            • Double-click on MBRCheck.exe to run it.

            • It will open a black window... please do not fix anything (if it gives you an option).

            • When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.

            • A log named MBRCheck_date_time.txt (e.g. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
            • Please copy and paste the contents of that log in your next reply.

            diggerjoy

              Hi SuperDave,

              I just ran the check and will post the report, but before I do, I wanted you to know that this morning I tried logging on in normal mode and still had all the same problems, so then I figured what the heck--I tried logging on in normal mode again, but as soon as the Zone Alarm icon appeared in the tray, I right-clicked and exited.  Since then, I have been working in normal mode and so far, no problems.  I have been burning all of my music and data to CDs, figured I'd better get started, just in case... still quite a bit more to burn, so I don't want to do anything that might cause me to lose the functionality I have right now, but thought you should know that exiting ZA seemed to make a difference.  Don't know if there are still other underlying problems as well... anyway, here's the report:

              MBRCheck, version 1.2.3
              (c) 2010, AD

              Command-line:         
              Windows Version:      Windows XP Professional
              Windows Information:      Service Pack 3 (build 2600)
              Logical Drives Mask:      0x00000f1c

              Kernel Drivers (total 145):
                0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
                0x806E5000 \WINDOWS\system32\hal.dll
                0xF7A3C000 \WINDOWS\system32\KDCOM.DLL
                0xF794C000 \WINDOWS\system32\BOOTVID.dll
                0xF740D000 ACPI.sys
                0xF7A3E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
                0xF73FC000 pci.sys
                0xF753C000 isapnp.sys
                0xF754C000 ohci1394.sys
                0xF755C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
                0xF7950000 compbatt.sys
                0xF7954000 \WINDOWS\system32\DRIVERS\BATTC.SYS
                0xF7B04000 pciide.sys
                0xF77BC000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
                0xF7A40000 viaide.sys
                0xF7A42000 intelide.sys
                0xF756C000 MountMgr.sys
                0xF73DD000 ftdisk.sys
                0xF7A44000 dmload.sys
                0xF73B7000 dmio.sys
                0xF77C4000 PartMgr.sys
                0xF757C000 VolSnap.sys
                0xF739F000 atapi.sys
                0xF758C000 disk.sys
                0xF759C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
                0xF737F000 fltmgr.sys
                0xF736D000 sr.sys
                0xF75AC000 PxHelp20.sys
                0xF7356000 KSecDD.sys
                0xF72C9000 Ntfs.sys
                0xF729C000 NDIS.sys
                0xF7282000 Mup.sys
                0xF6D60000 kl1.sys
                0xF772C000 \SystemRoot\system32\DRIVERS\intelppm.sys
                0xF6270000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
                0xF625C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
                0xF7934000 \SystemRoot\system32\DRIVERS\usbohci.sys
                0xF6238000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
                0xF793C000 \SystemRoot\system32\DRIVERS\usbehci.sys
                0xF773C000 \SystemRoot\system32\DRIVERS\imapi.sys
                0xF774C000 \SystemRoot\system32\DRIVERS\cdrom.sys
                0xF775C000 \SystemRoot\system32\DRIVERS\redbook.sys
                0xF6215000 \SystemRoot\system32\DRIVERS\ks.sys
                0xF7944000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
                0xF61ED000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
                0xF77D4000 \SystemRoot\system32\DRIVERS\fdc.sys
                0xF61D9000 \SystemRoot\system32\DRIVERS\parport.sys
                0xF776C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
                0xF7814000 \SystemRoot\system32\DRIVERS\PS2.sys
                0xF781C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
                0xF7A80000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
                0xF7824000 \SystemRoot\system32\DRIVERS\point32.sys
                0xF782C000 \SystemRoot\system32\DRIVERS\mouclass.sys
                0xF7A82000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
                0xF7834000 \SystemRoot\system32\DRIVERS\aracpi.sys
                0xF6194000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
                0xF609D000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
                0xF5FE7000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
                0xF783C000 \SystemRoot\System32\Drivers\Modem.SYS
                0xF5FD3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
                0xF777C000 \SystemRoot\system32\DRIVERS\nic1394.sys
                0xF6D3C000 \SystemRoot\system32\DRIVERS\arpolicy.sys
                0xF7BCA000 \SystemRoot\system32\DRIVERS\audstub.sys
                0xF778C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
                0xF6D38000 \SystemRoot\system32\DRIVERS\ndistapi.sys
                0xF5FBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
                0xF779C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
                0xF77AC000 \SystemRoot\system32\DRIVERS\raspptp.sys
                0xF7844000 \SystemRoot\system32\DRIVERS\TDI.SYS
                0xF5FAB000 \SystemRoot\system32\DRIVERS\psched.sys
                0xF761C000 \SystemRoot\system32\DRIVERS\msgpc.sys
                0xF784C000 \SystemRoot\system32\DRIVERS\ptilink.sys
                0xF7854000 \SystemRoot\system32\DRIVERS\raspti.sys
                0xF5F7B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
                0xF762C000 \SystemRoot\system32\DRIVERS\termdd.sys
                0xF7A84000 \SystemRoot\system32\DRIVERS\swenum.sys
                0xF5F1D000 \SystemRoot\system32\DRIVERS\update.sys
                0xF6D1C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
                0xF66AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
                0xF667A000 \SystemRoot\system32\DRIVERS\usbhub.sys
                0xF7A92000 \SystemRoot\system32\DRIVERS\USBD.SYS
                0xF198B000 \SystemRoot\system32\drivers\RtkHDAud.sys
                0xF1967000 \SystemRoot\system32\drivers\portcls.sys
                0xF664A000 \SystemRoot\system32\drivers\drmk.sys
                0xF18D0000 \SystemRoot\system32\DRIVERS\klif.sys
                0xF7A9E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
                0xF7B21000 \SystemRoot\System32\Drivers\Null.SYS
                0xF7AA0000 \SystemRoot\System32\Drivers\Beep.SYS
                0xF7B24000 \SystemRoot\System32\Drivers\ATMhelpr.SYS
                0xF786C000 \SystemRoot\System32\drivers\vga.sys
                0xF7AA2000 \SystemRoot\System32\Drivers\mnmdd.SYS
                0xF7AA4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
                0xF7874000 \SystemRoot\System32\Drivers\Msfs.SYS
                0xF787C000 \SystemRoot\System32\Drivers\Npfs.SYS
                0xF7A20000 \SystemRoot\system32\DRIVERS\rasacd.sys
                0xF7884000 \SystemRoot\system32\DRIVERS\kl2.sys
                0xF7A30000 \SystemRoot\system32\DRIVERS\usbscan.sys
                0xF1875000 \SystemRoot\system32\DRIVERS\ipsec.sys
                0xF181C000 \SystemRoot\system32\DRIVERS\tcpip.sys
                0xF17F4000 \SystemRoot\system32\DRIVERS\netbt.sys
                0xF1775000 \SystemRoot\System32\vsdatant.sys
                0xF174F000 \SystemRoot\system32\DRIVERS\ipnat.sys
                0xF662A000 \SystemRoot\system32\DRIVERS\wanarp.sys
                0xF5F19000 \SystemRoot\system32\DRIVERS\hidusb.sys
                0xF661A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
                0xF789C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
                0xF78A4000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
                0xF764C000 \SystemRoot\system32\DRIVERS\arp1394.sys
                0xF78AC000 \SystemRoot\system32\DRIVERS\usbprint.sys
                0xF78B4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
                0xF5F11000 \SystemRoot\System32\drivers\ws2ifsl.sys
                0xF16DD000 \SystemRoot\System32\drivers\afd.sys
                0xF765C000 \SystemRoot\system32\DRIVERS\netbios.sys
                0xF16BB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
                0xF78BC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                0xF1690000 \SystemRoot\system32\DRIVERS\rdbss.sys
                0xF15F8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
                0xF766C000 \SystemRoot\System32\Drivers\Fips.SYS
                0xF15D4000 \SystemRoot\System32\Drivers\Fastfat.SYS
                0xF15BC000 \SystemRoot\System32\Drivers\dump_atapi.sys
                0xF7AD4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                0xBF800000 \SystemRoot\System32\win32k.sys
                0xF18C8000 \SystemRoot\System32\drivers\Dxapi.sys
                0xF78CC000 \SystemRoot\System32\watchdog.sys
                0xBF000000 \SystemRoot\System32\drivers\dxg.sys
                0xF7B17000 \SystemRoot\System32\drivers\dxgthk.sys
                0xBF012000 \SystemRoot\System32\ati2dvag.dll
                0xBF055000 \SystemRoot\System32\ati2cqag.dll
                0xBF09A000 \SystemRoot\System32\atikvmag.dll
                0xBF0D0000 \SystemRoot\System32\ati3duag.dll
                0xBF362000 \SystemRoot\System32\ativvaxx.dll
                0xBF4BA000 \SystemRoot\System32\ATMFD.DLL
                0xEF3EC000 \??\C:\WINDOWS\system32\drivers\mbam.sys
                0xEF360000 \SystemRoot\system32\DRIVERS\ndisuio.sys
                0xF1717000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
                0xEEDD7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
                0xEED72000 \SystemRoot\system32\drivers\wdmaud.sys
                0xF76AC000 \SystemRoot\system32\drivers\sysaudio.sys
                0xEEB7B000 \SystemRoot\System32\Drivers\HTTP.sys
                0xEEAD3000 \SystemRoot\system32\DRIVERS\srv.sys
                0xEEB5B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
                0xEE623000 \SystemRoot\System32\Drivers\Cdfs.SYS
                0xEE25B000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
                0xEDDAF000 \SystemRoot\system32\drivers\kmixer.sys
                0x7C900000 \WINDOWS\system32\ntdll.dll

              Processes (total 57):
                     0 System Idle Process
                     4 System
                   552 C:\WINDOWS\system32\smss.exe
                   628 csrss.exe
                   656 C:\WINDOWS\system32\winlogon.exe
                   700 C:\WINDOWS\system32\services.exe
                   712 C:\WINDOWS\system32\lsass.exe
                   868 C:\WINDOWS\system32\ati2evxx.exe
                   884 C:\WINDOWS\system32\svchost.exe
                   956 svchost.exe
                   996 C:\WINDOWS\system32\svchost.exe
                  1068 svchost.exe
                  1100 svchost.exe
                  1148 C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
                  1400 C:\WINDOWS\system32\ati2evxx.exe
                  1492 C:\WINDOWS\explorer.exe
                  1752 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
                  1856 C:\WINDOWS\system32\spoolsv.exe
                  1904 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
                  1996 svchost.exe
                  2044 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
                   168 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                   232 C:\WINDOWS\arservice.exe
                   424 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
                   460 C:\Program Files\Bonjour\mDNSResponder.exe
                   496 C:\WINDOWS\ehome\ehrecvr.exe
                   540 C:\WINDOWS\ehome\ehSched.exe
                   112 C:\Program Files\Java\jre6\bin\jqs.exe
                  1024 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  1252 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                  1548 svchost.exe
                  1664 C:\WINDOWS\system32\svchost.exe
                  2112 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                  2188 mcrdsvc.exe
                  2440 C:\WINDOWS\system32\dllhost.exe
                  2576 alg.exe
                  3244 C:\WINDOWS\ehome\ehtray.exe
                  3360 C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
                  3412 C:\WINDOWS\arpwrmsg.exe
                  3572 C:\WINDOWS\ehome\ehmsas.exe
                  3688 C:\Program Files\iTunes\iTunesHelper.exe
                  3884 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
                  3976 C:\Program Files\Common Files\Java\Java Update\jusched.exe
                  4036 C:\Program Files\real\realplayer\Update\realsched.exe
                   164 C:\PROGRA~1\ScanSoft\PAPERP~1\PPWEBCAP.EXE
                  2700 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
                  3036 C:\Program Files\iPod\bin\iPodService.exe
                  3628 C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
                  1932 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
                  2012 C:\hp\KBD\kbd.exe
                  3732 C:\WINDOWS\system\hpsysdrv.exe
                   780 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  4508 C:\WINDOWS\system32\wuauclt.exe
                  5900 C:\Program Files\real\realplayer\realplay.exe
                  4348 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
                  5856 <unknown>
                   588 <unknown>

              \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
              \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`11f9bc00  (FAT32)

              PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

                    Size  Device Name          MBR Status
                --------------------------------------------
                  232 GB  \\.\PhysicalDrive0   Unknown MBR code
                          SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


              Found non-standard or infected MBR.
              Enter 'Y' and hit ENTER for more options, or 'N' to exit:

              Done!

              SuperDave

              Quote
              I have been burning all of my music and data to CD's, figured I'd better get started, just in case...still quite a bit more to burn, so I don't want to do anything that might cause me to lose the functionality I have right now,
              Good idea to back up all your important data. When you're finished with that, please do the following.

              Earlier on ComboFix installed the Recovery Console. We're going to use that now.

              Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
              (you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)

              When you get to the above screen, take note of the number that references your operating system.

              If it's '1' like the picture above, type 1 and press Enter

              Next type FIXMBR

              If it asks if you're sure you want to write a new MBR, answer 'Y'

              Then type EXIT to reboot the machine.

              With that done, please run MBRCheck.exe again and post the log.

              diggerjoy


                Questions: Should I be doing this on a normal boot, or SafeMode?  (Does it matter?)

                Does it matter that I have Windows XP Media Center version for Recovery console?  (When ComboFix installed the recovery console, it only asked if I was running home edition and I said no--and then what it downloaded it seemed to download a home edition. ) Is there a way to check that I have the right recovery console before we do this, or doesn't it matter?

                Is this going to do any kind of destructive recovery, or is it just fixing something from MBR?  (I realize with computers there's no guarantee that something won't be destructive, but what are we hoping will happen?) :)  I know this whole process is trial-and-error, looking for a needle in a haystack, but knowing where we stand at this point helps...

                Sorry to be so anxious, but I work from home so I can care for my disabled husband, and this computer is vital to me doing that.  This is our only income, so it's a little anxiety-producing...(the organization I work for doesn't provide any support--or anything else for that matter, except a job.  Their philosophy is if I can't do it, they'll give it to someone else who can.)   I feel like we're getting close--I seem to have full functionality right now (I realize that doesn't mean that there still aren't underlying issues).  Just want to make sure I don't mess anything up at this point... Sorry for being an old lady about this at this point...Thanks!

                SuperDave

                Quote
                Should I be doing this on a normal boot, or SafeMode
                In Normal mode.

                Quote
                Is there a way to check that I have the right recovery console before we do this, or doesn't it matter?
                You should see the Recovery Console when you boot your computer but it's only there for a few seconds.
                Quote
                Is this going to do any kind of destructive recovery, or is it just fixing something from MBR?
                No, just fixing the MBR.
                Quote
                Just want to make sure I don't mess anything up at this point... Sorry for being an old lady about this at this point...Thanks!
                If the RC is installed, it should just fix the MBR.

                diggerjoy


                  OK, I know you said if it asks if I want to write a new MBR to say yes, but I want to make sure it's OK given the warning message I received.  When I put in fixMBR, I got the message that "This computer appears to have a non-standard or invalid Master Boot Record.  FixMBR may damage your partition tables if you proceed.  This could cause all the partitions on the current hard disk to become inaccessible.  If you are not having problems accessing your drive, do not continue.  Are you sure you want to write a new MBR?"

                  Just want to make sure the answer is still yes, even with this warning...don't want to mess up now...Thanks!

                  SuperDave

                  Quote
                  When I put in fixMBR, I got the message that "This computer appears to have a non-standard or invalid Master Boot Record.  FixMBR may damage your partition tables if you proceed.  This could cause all the partitions on the current hard disk to become inaccessible.
                  Ok. Let's try this to see if you get the same message.

                  Please Boot to the System Recovery Options
                  If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
                  It's also possible that your computer has a pre-installed recovery partition instead; in that case use method one (by pressing F8 before Windows starts loading)...
                  NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

                  On the System Recovery Options menu you will get the following options:

                  • Startup Repair
                  • System Restore
                  • Windows Complete PC Restore
                  • Windows Memory Diagnostic Tool
                  • Command Prompt

                  Choose Command Prompt
                  You should see X:\SOURCES>...

                  Execute the following commands in bold.
                  Press Enter after every one of them.

                  bootrec /fixmbr (<--- there is a "space" after "bootrec")

                  bootrec /fixboot (<--- there is a "space" after "bootrec")

                  exit

                  Restart computer.
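Added example, not from the thread, from MBRCheck's author or from Microsoft: a small Python script that reads a 512-byte MBR the way the MBRCheck log earlier in the thread presents it (the partition byte offsets such as 0x7E00 are simply LBA x 512), hashes the boot code, and, for the FIXMBR / bootrec /fixmbr steps above, compares the sector saved before the rewrite with the one read afterwards. The partition table (bytes 446..509) and the 0x55AA signature must be byte-identical before and after; only the boot code should differ. That is exactly the damage the Recovery Console warning quoted above is about, so this is the check to run around it. The sample MBR, both boot-code stand-ins, the sector counts and the "known good" hash set are constructed here; which bytes the real MBRCheck feeds to SHA1 is an assumption, so its hashes are not directly comparable with this script's, only the script's own before/after hashes are. To apply it to a real disk, save sector 0 with a raw-disk tool (for example dd from a Linux live CD) before and after the fix and pass the two 512-byte files to parse_mbr and check_rewrite.

```python
"""Parse an MBR, hash its boot code and verify a FIXMBR-style rewrite.

Added example for the thread above; all sample data below is constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the bootstrap code; 440..443 the NT disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries at bytes 446..509
PART_ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count
PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature, partition entries and signature validity."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:          # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        # Assumption: hashing bytes 0..439, which may differ from what MBRCheck hashes.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "valid_signature": sector[510:512] == b"\x55\xAA",
    }


def classify_boot_code(sha1: str, known_good: set) -> str:
    """'known' if the boot-code hash is in an allow list built from trusted reference sectors."""
    return "known" if sha1.upper() in known_good else "unknown"


def check_rewrite(before: bytes, after: bytes) -> list:
    """Problems found when comparing the MBR saved before FIXMBR with the one read afterwards."""
    problems = []
    if after[510:512] != b"\x55\xAA":
        problems.append("boot signature 0x55AA missing after rewrite")
    if before[PART_TABLE_OFF:510] != after[PART_TABLE_OFF:510]:
        problems.append("partition table changed: partitions may now be inaccessible")
    if before[:BOOT_CODE_LEN] == after[:BOOT_CODE_LEN]:
        problems.append("boot code unchanged: the rewrite did not take effect")
    return problems


def build_mbr(boot_code: bytes, entries, disk_signature: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR sector (example data, not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, 440, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(entries):
        PART_ENTRY.pack_into(sector, PART_TABLE_OFF + 16 * i,
                             status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Layout modelled on the MBRCheck log: C: NTFS at byte offset 0x7E00 (LBA 63) and
# D: FAT32 at 0x38`11F9BC00 (LBA 0x1C08FCDE). The sector counts are invented.
SAMPLE_LAYOUT = [
    (0x80, 0x07, 63, 470_220_447),
    (0x00, 0x0B, 0x1C08FCDE, 18_176_658),
]
# Constructed boot-code stand-ins: neither is a real bootloader nor real malware.
SUSPECT_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 438            # pre-fix sector ("jmp $" filler)
STANDARD_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * 433   # post-fix sector stand-in


def demo() -> dict:
    """Walk through the before/after check on the constructed sectors."""
    before = build_mbr(SUSPECT_BOOT_CODE, SAMPLE_LAYOUT)
    after = build_mbr(STANDARD_BOOT_CODE, SAMPLE_LAYOUT)
    # The failure the Recovery Console warns about: a rewrite that clobbered entry 2 (D:).
    damaged = build_mbr(STANDARD_BOOT_CODE, SAMPLE_LAYOUT[:1])
    known_good = {parse_mbr(after)["boot_code_sha1"]}   # in practice: hashes from trusted reference sectors
    return {
        "before": parse_mbr(before),
        "verdict_before": classify_boot_code(parse_mbr(before)["boot_code_sha1"], known_good),
        "verdict_after": classify_boot_code(parse_mbr(after)["boot_code_sha1"], known_good),
        "problems_ok": check_rewrite(before, after),
        "problems_damaged": check_rewrite(before, damaged),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

On a real machine the interesting output is problems_ok: an empty list means FIXMBR replaced the boot code and left every partition entry and the signature alone, which is the only outcome in which the "may damage your partition tables" warning did not come true. A non-empty list is the cue to restore the saved sector rather than reboot.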